/*
 * Chiffrement ("encryption") - Ghidra decompiler output; variable and
 * parameter names were assigned by the analyst and several are misleading.
 *
 * Encrypts a caller-supplied buffer with AES in CBC mode through the Windows
 * CNG (bcrypt) API and hands the ciphertext back in a newly allocated heap
 * buffer.
 *
 * Key material (both halves are hard-coded in the binary's data, in the
 * string Ghidra labels s_la_srs_c'est_vraiment_super_!!!!_140006038):
 *   - IV  : the first BlockLength bytes of that string (at most 0x10).
 *   - key : the 0x10 bytes starting at offset 0x10 of that string (AES-128).
 * Since key and IV are constants, every buffer is encrypted with the same
 * key/IV pair, and anything this routine encrypts can be decrypted by anyone
 * who extracts those 32 bytes from the sample.
 * NOTE(review): the Ghidra label rewrites some characters; read the raw bytes
 * at the labelled address before writing a decryptor.
 *
 * Parameters, as used by the code below:
 *   heap_process, param_2, file_size, lpNumberOfBytesRead
 *       Not referenced in this listing; names and types are unverified.
 *   heap_allocation
 *       Source buffer; copied into pbInput and encrypted (the plaintext).
 *   file_attributs
 *       Used as the byte count for the allocation, the memcpy and cbInput,
 *       so it is the plaintext length, not a file attribute.
 *   encrypted_file_content
 *       Out: set to NULL on entry, later to the ciphertext buffer. This
 *       function never frees that buffer.
 *   param_8
 *       Out: set to 0 on entry, later to the ciphertext size reported by
 *       the sizing call.
 *
 * Returns nothing. Failures are only reported through Debug_print, and every
 * path falls through to the common cleanup at the end.
 */
void Chiffrement(undefined heap_process,undefined param_2,undefined file_size,
                 undefined lpNumberOfBytesRead,void *heap_allocation,uint file_attributs,
                 PUCHAR *encrypted_file_content,ULONG *param_8)
{
  uint call_status;
  uint call_status_2;
  HANDLE current_process_heap_handle;
  PUCHAR allocated_heap_block_ptr;
  undefined8 flags;
  PUCHAR allocated_heap_block_2;
  uint *propertie_value;
  ulonglong CNG_provider_ObjectLength;
  wchar_t *CNG_provider_new_propertie_value;
  ulonglong uVar1;
  ulonglong dwBytes;
  undefined8 propertie_value_buffer_size;
  PUCHAR pbInput;
  PUCHAR allocated_heap_block;
  undefined auStackY184 [32];
  uint CNG_provider_BlockLength_variable;
  uint output_buffer_encryption_size;
  uint propertie_value_buffer [2];
  BCRYPT_HANDLE crypt_handle;
  BCRYPT_KEY_HANDLE key_handle;
  ULONG nb_copied_bytes [2];
  ulonglong local_30;

  /* NOTE(review): XOR of a global with a stack address, checked again just
     before return; this looks like the compiler's stack-cookie prologue, not
     program logic. Confirm. */
  local_30 = DAT_140006008 ^ (ulonglong)auStackY184;
  allocated_heap_block_ptr = (PUCHAR)0x0;
  flags = 0;
  propertie_value_buffer_size = 0;
  pbInput = (PUCHAR)0x0;
  /* Both out-parameters are cleared first, so they stay NULL / 0 on any
     failure that happens before the output buffer is allocated. */
  *encrypted_file_content = (PUCHAR)0x0;
  allocated_heap_block_2 = (PUCHAR)0x0;
  allocated_heap_block = (PUCHAR)0x0;
  *param_8 = 0;
  crypt_handle = (BCRYPT_HANDLE)0x0;
  key_handle = (BCRYPT_KEY_HANDLE)0x0;
  output_buffer_encryption_size = 0;
  nb_copied_bytes[0] = 0;
  propertie_value_buffer[0] = 0;
  CNG_provider_BlockLength_variable = 0;
  /* Open a CNG algorithm provider for AES. CNG is the Windows cryptography
     API; a negative status means failure. */
  call_status = BCryptOpenAlgorithmProvider(&crypt_handle,L"AES",(LPCWSTR)0x0,0);
  if ((int)call_status < 0) {
    /* Provider could not be opened: log the status. The extra Debug_print
       arguments here and below look like leftover register values from the
       decompilation, presumably not meaningful. */
    Debug_print(&DAT_140003358,(ulonglong)call_status,propertie_value_buffer_size,flags);
    allocated_heap_block_2 = allocated_heap_block_ptr;
    pbInput = allocated_heap_block_ptr;
    allocated_heap_block = allocated_heap_block_ptr;
  } else {
    /* Provider opened. Query "ObjectLength": the size of the key-object
       buffer that BCryptGenerateSymmetricKey is given further down. */
    propertie_value = propertie_value_buffer;
    propertie_value_buffer_size = 4;
    call_status_2 = BCryptGetProperty(crypt_handle,L"ObjectLength",(PUCHAR)propertie_value,4,nb_copied_bytes,0) ;
    /* call_status is reused here to carry the ObjectLength value, not a
       status code. */
    call_status = propertie_value_buffer[0];
    if ((int)call_status_2 < 0) {
      /* ObjectLength query failed. */
      Debug_print(&DAT_140003358,(ulonglong)call_status_2,propertie_value,
                  propertie_value_buffer_size);
    } else {
      /* Allocate the key-object buffer (ObjectLength bytes) on the process
         heap. */
      current_process_heap_handle = GetProcessHeap();
      CNG_provider_ObjectLength = (ulonglong)call_status;
      flags = 0;
      allocated_heap_block = (PUCHAR)HeapAlloc(current_process_heap_handle,0,CNG_provider_ObjectLength);
      if (allocated_heap_block == (PUCHAR)0x0) {
        /* Key-object allocation failed. */
        Debug_print(&DAT_1400033a8,flags,CNG_provider_ObjectLength,propertie_value_buffer_size);
        allocated_heap_block_2 = allocated_heap_block_ptr;
        pbInput = allocated_heap_block_ptr;
      } else {
        /* Query "BlockLength": the cipher block size, used below as the IV
           length. */
        propertie_value = &CNG_provider_BlockLength_variable;
        propertie_value_buffer_size = 4;
        call_status = BCryptGetProperty(crypt_handle,L"BlockLength",(PUCHAR)propertie_value,4,
                                        nb_copied_bytes,0);
        if ((int)call_status < 0) {
          /* BlockLength query failed. */
          Debug_print(&DAT_140003358,(ulonglong)call_status,propertie_value,
                      propertie_value_buffer_size);
        } else {
          /* From here on CNG_provider_ObjectLength temporarily holds the
             BlockLength value despite its name. */
          CNG_provider_ObjectLength = (ulonglong)CNG_provider_BlockLength_variable;
          /* Only continue when the block length is at most 0x10, which keeps
             the IV copy below inside the first 16 bytes of the hard-coded
             string. */
          if (CNG_provider_BlockLength_variable < 0x11) {
            /* Allocate the IV buffer (BlockLength bytes, not ObjectLength). */
            current_process_heap_handle = GetProcessHeap();
            flags = 0;
            allocated_heap_block_2 = (PUCHAR)HeapAlloc(current_process_heap_handle,0,CNG_provider_ObjectLength);
            if (allocated_heap_block_2 == (PUCHAR)0x0) {
              /* IV buffer allocation failed. */
              Debug_print(&DAT_1400033a8,flags,CNG_provider_ObjectLength,propertie_value_buffer_size
                         );
            } else {
              /* Copy the first BlockLength bytes of the hard-coded string
                 into the IV buffer. This is the IV, not the key: the buffer
                 is passed as pbIV to both BCryptEncrypt calls below. The IV
                 is a constant and is never randomised. */
              memcpy(allocated_heap_block_2,s_la_srs_c'est_vraiment_super_!!!!_140006038,
                     (ulonglong)CNG_provider_BlockLength_variable);
              CNG_provider_new_propertie_value = L"ChainingModeCBC";
              propertie_value_buffer_size = 0x20;
              /* Select CBC chaining on the provider. 0x20 is the byte size
                 of the wide string L"ChainingModeCBC" including its
                 terminator. */
              call_status = BCryptSetProperty(crypt_handle,L"ChainingMode",
                                              (PUCHAR)L"ChainingModeCBC",0x20,0);
              if ((int)call_status < 0) {
                /* Setting the chaining mode failed. */
                Debug_print(&DAT_140003358,(ulonglong)call_status,CNG_provider_new_propertie_value,
                            propertie_value_buffer_size);
              } else {
                CNG_provider_ObjectLength = (ulonglong)propertie_value_buffer[0];
                allocated_heap_block_ptr = allocated_heap_block;
                /* Build the AES key handle. The secret is the 0x10 bytes at
                   offset 0x10 of the hard-coded string (its second half), so
                   the key is a 128-bit constant embedded in the binary.
                   allocated_heap_block is the key-object storage. */
                call_status = BCryptGenerateSymmetricKey
                                        (crypt_handle,&key_handle,allocated_heap_block,
                                         propertie_value_buffer[0],
                                         (PUCHAR)(s_la_srs_c'est_vraiment_super_!!!!_140006038 + 0x10),0x10,0);
                if ((int)call_status < 0) {
                  /* Key generation failed. */
                  Debug_print(&DAT_140003358,(ulonglong)call_status,allocated_heap_block_ptr,
                              CNG_provider_ObjectLength);
                } else {
                  /* Make a private heap copy of the plaintext;
                     file_attributs is its length in bytes. */
                  dwBytes = (ulonglong)file_attributs;
                  current_process_heap_handle = GetProcessHeap();
                  propertie_value_buffer_size = 0;
                  uVar1 = dwBytes;
                  pbInput = (PUCHAR)HeapAlloc(current_process_heap_handle,0,dwBytes);
                  if (pbInput == (PUCHAR)0x0) {
                    /* Plaintext copy allocation failed. */
                    Debug_print(&DAT_1400033a8,propertie_value_buffer_size,uVar1,
                                CNG_provider_ObjectLength);
                  } else {
                    memcpy(pbInput,heap_allocation,dwBytes);
                    propertie_value_buffer_size = 0;
                    CNG_provider_ObjectLength = (ulonglong)file_attributs;
                    /* First BCryptEncrypt call: sizing only. The output
                       pointer is NULL and the output size 0, so the call
                       only stores the required ciphertext size in
                       output_buffer_encryption_size. dwFlags 1 corresponds
                       to BCRYPT_BLOCK_PADDING. */
                    call_status_2 = BCryptEncrypt(key_handle,pbInput,file_attributs,(void *)0x0,
                                                  allocated_heap_block_2,CNG_provider_BlockLength_variable,
                                                  (PUCHAR)0x0,0,&output_buffer_encryption_size,1);
                    /* call_status is reused to carry the required size. */
                    call_status = output_buffer_encryption_size;
                    if ((int)call_status_2 < 0) {
                      /* Sizing call failed. */
                      Debug_print(&DAT_140003358,(ulonglong)call_status_2,CNG_provider_ObjectLength,
                                  propertie_value_buffer_size);
                    } else {
                      /* Allocate the ciphertext buffer and publish it to the
                         caller together with its size. Unlike the other
                         allocations, this result is not checked for NULL:
                         on failure the caller sees a NULL pointer with a
                         non-zero size in *param_8. */
                      current_process_heap_handle = GetProcessHeap();
                      allocated_heap_block_ptr = (PUCHAR)HeapAlloc(current_process_heap_handle,0,(ulonglong)call_status);
                      *encrypted_file_content = allocated_heap_block_ptr;
                      *param_8 = output_buffer_encryption_size;
                      propertie_value_buffer_size = 0;
                      /* Second BCryptEncrypt call: the real encryption, with
                         the same key, IV buffer and padding flag, writing
                         into *encrypted_file_content. The byte count it
                         reports goes to nb_copied_bytes and is not copied to
                         *param_8. */
                      call_status = BCryptEncrypt(key_handle,pbInput,file_attributs,(void *)0x0,
                                                  allocated_heap_block_2,
                                                  CNG_provider_BlockLength_variable,
                                                  *encrypted_file_content,
                                                  output_buffer_encryption_size,nb_copied_bytes,1);
                      if ((int)call_status < 0) {
                        /* Encryption failed. The out-parameters are not
                           reset, so the caller still receives the allocated
                           buffer and its size. */
                        Debug_print(&DAT_140003358,(ulonglong)call_status,dwBytes,
                                    propertie_value_buffer_size);
                      }
                    }
                  }
                }
              }
            }
          } else {
            /* Block length larger than 0x10: give up. The value logged is
               the non-negative status of the BlockLength query above, not an
               error code. */
            Debug_print(&DAT_140003358,(ulonglong)call_status,propertie_value,
                        propertie_value_buffer_size);
          }
        }
      }
    }
  }
  /* Common cleanup, reached on success and on every failure path. */
  if (crypt_handle != (BCRYPT_ALG_HANDLE)0x0) {
    /* Close the CNG algorithm provider handle. */
    BCryptCloseAlgorithmProvider(crypt_handle,0);
  }
  if (key_handle != (BCRYPT_KEY_HANDLE)0x0) {
    /* Destroy the AES key handle. */
    BCryptDestroyKey(key_handle);
  }
  if (pbInput != (PUCHAR)0x0) {
    current_process_heap_handle = GetProcessHeap();
    /* Free the plaintext copy. No wipe of this buffer is visible before it
       is released. */
    HeapFree(current_process_heap_handle,0,pbInput);
  }
  if (allocated_heap_block != (PUCHAR)0x0) {
    current_process_heap_handle = GetProcessHeap();
    /* Free the key-object buffer. */
    HeapFree(current_process_heap_handle,0,allocated_heap_block);
  }
  if (allocated_heap_block_2 != (PUCHAR)0x0) {
    current_process_heap_handle = GetProcessHeap();
    /* Free the IV buffer. */
    HeapFree(current_process_heap_handle,0,allocated_heap_block_2);
  }
  /* The ciphertext buffer in *encrypted_file_content is deliberately not
     freed here; it is returned to the caller. */
  /* NOTE(review): counterpart of the local_30 setup at the top; presumably
     the stack-cookie check. Confirm. */
  FUN_140001b10(local_30 ^ (ulonglong)auStackY184);
  return;
}