Beispiel #1
        /// <summary>
        /// Reads the embedded configuration of the analysed stub from the static fields of its
        /// <c>j.OK</c> type and returns it as a name/value dictionary.
        /// </summary>
        /// <param name="stub">Stub whose loaded .NET assembly is inspected.</param>
        /// <returns>
        /// A <see cref="Dictionary{TKey,TValue}"/> with the keys "IP", "Port", "Mutex",
        /// "Critical Process", "Install", "Install Directory" and "Install Name".
        /// </returns>
        /// <remarks>
        /// The assembly under analysis is untrusted. Reading a static field through reflection can
        /// run the declaring type's static initializer, i.e. code that ships with the sample, inside
        /// the analysis process, so this extractor belongs in an isolated analysis environment.
        /// The returned values are attacker-chosen data and should be handled as such.
        /// If the type or one of the fields does not exist, the reflection lookup yields null and
        /// the call fails with a <see cref="NullReferenceException"/>.
        /// </remarks>
        public object Extract(StubInfo stub)
        {
            // Output key -> name of the public static field on j.OK that holds the value.
            string[,] fieldMap =
            {
                { "IP", "H" },
                { "Port", "P" },
                { "Mutex", "RG" },
                { "Critical Process", "BD" },
                { "Install", "Idr" },
                { "Install Directory", "DR" },
                { "Install Name", "EXE" }
            };

            Type configType = stub.GetNetAssebly().GetType("j.OK");
            Dictionary<string, object> result = new Dictionary<string, object>();

            for (int row = 0; row < fieldMap.GetLength(0); row++)
            {
                // GetValue(null): the fields are static, so no instance is passed.
                result.Add(fieldMap[row, 0], configType.GetField(fieldMap[row, 1]).GetValue(null));
            }

            return result;
        }
        /// <summary>
        /// Recovers the stub's configuration by locating a key constant in its code, then calling
        /// the stub's own key-derivation and decryption methods on the "SMARTLOGS" entry of the
        /// "de.Resources" managed resource.
        /// </summary>
        /// <param name="stub">Stub providing the loaded assembly and the scanning/resource helpers.</param>
        /// <returns>The decrypted string split on '|', as a <c>string[]</c>.</returns>
        /// <remarks>
        /// Both <see cref="MethodBase.Invoke(object, object[])"/> calls execute methods taken from
        /// the untrusted sample inside the analysis process; run this only in an isolated analysis
        /// environment. The two metadata tokens are hard-coded, so the extractor presumably matches
        /// a single build of the sample; on any other assembly they resolve to unrelated methods or
        /// fail, which is worth confirming before trusting the output.
        /// </remarks>
        public object Extract(StubInfo stub)
        {
            // Byte signature of the code that sets up the decryption. The byte runs
            // 28 03 00 00 2B and 28 E4 01 00 06 inside it are the little-endian forms of the two
            // tokens resolved below.
            byte[] signature =
            {
                0x20, 0x1F, 0x25, 0x41, 0xA5, 0x28, 0x03, 0x00, 0x00, 0x2B, 0x28, 0xE4, 0x01, 0x00, 0x06, 0x6F,
                0xFA, 0x01, 0x00, 0x0A, 0x20, 0x4E, 0x37, 0x7C, 0x71, 0x28, 0x03, 0x00, 0x00, 0x2B, 0x15, 0x16,
                0x28, 0x61, 0x00, 0x00, 0x0A, 0x80, 0x17, 0x01, 0x00, 0x04, 0x20, 0x12, 0xE6, 0xFF, 0xFF, 0x0D,
                0xFE, 0x1C, 0x09, 0x00, 0x00, 0x01, 0x20, 0x44, 0x5A, 0x00, 0x00, 0x58, 0x20, 0x48
            };

            // Presumably '?' marks wildcard bytes and the call returns 4 bytes starting at offset 1
            // of the match (the operand after the leading 0x20) - confirm against Tools.Scan.
            // NOTE(review): the mask string is shorter than the signature; verify how Scan treats
            // the bytes beyond the mask. A failed scan is not checked here.
            byte[] keyBytes = stub.Tools.Scan(signature, ".????................????.............", 4, 1);
            uint keySeed = BitConverter.ToUInt32(keyBytes, 0);

            // Methods of the sample itself, looked up by metadata token.
            MethodBase keyDerivation = stub.GetNetAssebly().ManifestModule.ResolveMethod(0x2B000003);
            MethodBase decryptor = stub.GetNetAssebly().ManifestModule.ResolveMethod(0x060001E4);

            // Runs sample code: derive the key from the constant found by the scan.
            object derivedKey = keyDerivation.Invoke(null, new object[] { keySeed });

            // Runs sample code: decrypt the resource string with the derived key.
            object[] decryptArguments = new object[]
            {
                stub.Tools.ReadManagedResourceString("de.Resources", "SMARTLOGS"),
                derivedKey
            };
            string plainConfig = (string)decryptor.Invoke(null, decryptArguments);

            return plainConfig.Split('|');
        }
Beispiel #3
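        /// <summary>
        /// Decrypts the stub's "Data.bin" manifest resource and returns the configuration built
        /// from its second value section.
        /// </summary>
        /// <param name="stub">Stub providing the resource reader and the loaded assembly.</param>
        /// <returns>The result of <c>ConstructDictionary</c> for the second decoded section.</returns>
        /// <exception cref="InvalidDataException">
        /// A length prefix or section count in the resource is negative or larger than the data
        /// that is actually present.
        /// </exception>
        /// <remarks>
        /// Resource layout as read here: an Int32 length followed by an encrypted key blob, then an
        /// Int32 length followed by the encrypted payload. The key blob is decrypted with the
        /// assembly's GUID; the result is used as both DES key and IV for the payload.
        /// Every length and count comes from the untrusted sample, so each one is checked against
        /// the data available before it is used to size a buffer. DES with key == IV mirrors the
        /// sample's own scheme and is used only to read its data; it is not a pattern to reuse.
        /// </remarks>
        public object Extract(StubInfo stub)
        {
            byte[] bSettings = stub.Tools.ReadResourceFromManifestResource("Data.bin");

            using (MemoryStream input = new MemoryStream(bSettings))
            using (BinaryReader binaryReader = new BinaryReader(input))
            {
                // ReadBytes sizes its buffer from the requested count, so an unchecked length
                // prefix lets a crafted sample force a very large allocation in the analysis tool.
                int keyBlobLength = binaryReader.ReadInt32();
                if (keyBlobLength < 0 || keyBlobLength > input.Length - input.Position)
                {
                    throw new InvalidDataException("Data.bin: key blob length exceeds the resource size.");
                }
                byte[] keyBlob = binaryReader.ReadBytes(keyBlobLength);

                Guid assemblyGuid = new Guid(((GuidAttribute)stub.GetNetAssebly().GetCustomAttributes(typeof(GuidAttribute), false)[0]).Value);
                byte[] encryptionKey = Decrypt(keyBlob, assemblyGuid);

                // The crypto provider and transform hold key material; dispose them deterministically.
                using (DESCryptoServiceProvider des = new DESCryptoServiceProvider())
                {
                    des.BlockSize = 64;
                    des.Key = encryptionKey;
                    des.IV = encryptionKey;

                    using (ICryptoTransform decryptor = des.CreateDecryptor())
                    {
                        int payloadLength = binaryReader.ReadInt32();
                        if (payloadLength < 0 || payloadLength > input.Length - input.Position)
                        {
                            throw new InvalidDataException("Data.bin: payload length exceeds the resource size.");
                        }
                        byte[] payload = binaryReader.ReadBytes(payloadLength);

                        object[] values = smethod_4(decryptor, payload).object_0;
                        if (values == null || values.Length == 0)
                        {
                            throw new InvalidDataException("Data.bin: decoded payload is empty.");
                        }

                        // The decoded array holds two sections, each stored as a count followed by
                        // that many values. The first section is skipped; only the second is returned.
                        int cursor = 0;
                        int firstCount = (int)values[cursor];
                        cursor++;
                        if (firstCount < 0 || firstCount > values.Length - cursor)
                        {
                            throw new InvalidDataException("Data.bin: first section count is out of range.");
                        }
                        cursor += firstCount;

                        if (cursor >= values.Length)
                        {
                            throw new InvalidDataException("Data.bin: second section is missing.");
                        }
                        int secondCount = (int)values[cursor];
                        cursor++;
                        if (secondCount < 0 || secondCount > values.Length - cursor)
                        {
                            throw new InvalidDataException("Data.bin: second section count is out of range.");
                        }

                        object[] section = new object[secondCount];
                        Array.Copy(values, cursor, section, 0, secondCount);
                        return ConstructDictionary(section);
                    }
                }
            }
        }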