Advertisement
joxeankoret

Script to decrypt the FlyStudio malware sample show in the Youtube video

Feb 17th, 2021
1,576
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Python 0.44 KB | None | 0 0
  1. #
  2. # Script to decrypt the malware sample with the
  3. # MD5 hash 09002944F0F0EEC37B022507919C3538, used
  4. # in the video at the following URL:
  5. #
  6. # https://www.youtube.com/watch?v=bEsQ8UYioU4
  7. #
  8. oep = 0x401000
  9. start_ea = idc.get_segm_start(oep)
  10. end_ea   = idc.get_segm_end(oep)
  11.  
  12. KEY = 0x33847E02
  13. for addr in range(start_ea, end_ea, 4):
  14.   dw_val = get_wide_dword(addr)
  15.   dw_val -= KEY
  16.   dw_val = dw_val & 0xFFFFFFFF
  17.   patch_dword(addr, dw_val)
  18.  
  19.  
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement