We added support for detecting executables ciphered with bitwise shift ciphers - ROR (shift right) and ROL (shift left) which was first reported from a sample from Mila's blog (contagiodump). Bitwise shifts are similar to multiple or division by 2's. This sample used a shift left of one position (rol 1) along with a 256byte XOR key.
Update: 1768.py Version 0.0.22
-
This is a bug fix version. 1768_v0_0_22.zip (http)MD5:
6446F5C09BF70FAFBB3171734844B350SHA256:
4716A4A72FB4C0265CAF541D5FF709615B9CB4129C20C98F1BBA535AA5D4...
2 weeks ago
No comments:
Post a Comment