We continue to analyse the Shamoon malware. This blog contains information about the internals of the malicious samples involved in this campaign. Samples nesting The main executable (dropper) includes 3 resources, each maintains a ciphered program. The cipher is pretty simple ? xor by dword. This was mentioned in our first blog-post. Resource PKCS12:112 maintains […]
Latest Comments