Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #
- # Script to decrypt the malware sample with the
- # MD5 hash 09002944F0F0EEC37B022507919C3538, used
- # in the video at the following URL:
- #
- # https://www.youtube.com/watch?v=bEsQ8UYioU4
- #
- oep = 0x401000
- start_ea = idc.get_segm_start(oep)
- end_ea = idc.get_segm_end(oep)
- KEY = 0x33847E02
- for addr in range(start_ea, end_ea, 4):
- dw_val = get_wide_dword(addr)
- dw_val -= KEY
- dw_val = dw_val & 0xFFFFFFFF
- patch_dword(addr, dw_val)
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement