We added support for detecting executables ciphered with bitwise shift ciphers - ROR (shift right) and ROL (shift left) which was first reported from a sample from Mila's blog (contagiodump). Bitwise shifts are similar to multiple or division by 2's. This sample used a shift left of one position (rol 1) along with a 256byte XOR key.
Overview of Content Published in March
-
Here is an overview of content I published in March: Blog posts: Update:
metatool.py Version 0.0.4 SANS ISC Diary entries: Obfuscated Hexadecimal
Payload 1...
1 week ago