evaluator
September 21st, 2012, 04:37
Well, found some XOR-ed malware loader, which crashed on XP. (aclyop.exe)
Then I just forced all code pieces to de-XOR. (aclyop_dexored.exe)
The job happens in 3 update-able TLS callbacks.
Finally, a new process will be launched with the decrypted and remapped main module. (aclyop_inside.bin)
Password: malware