We added support for detecting executables ciphered with bitwise shift ciphers - ROR (shift right) and ROL (shift left) which was first reported from a sample from Mila's blog (contagiodump). Bitwise shifts are similar to multiple or division by 2's. This sample used a shift left of one position (rol 1) along with a 256byte XOR key.
Posts
Update: base64dump.py Version 0.0.8
-
This new version of base64dump adds support to decode strings like UNICODE
strings (-t). base64dump_V0_0_8.zip (https) MD5:
1B379A08FBC6E7686A89AF099699B07...
13 hours ago
No comments:
Post a Comment