emotet_research icon indicating copy to clipboard operation
emotet_research copied to clipboard
verified publisher icon d00rt

recent samples it failes on

Open scusi opened this issue 6 years ago • 1 comments

Thank you, your tool works great on a bunch of recent payloads.

On the following samples it failed to extract RSA and/or IPS:

6383dd7c624ae6f922a8d3843c953fef1afa7d87d482a9b064391b1871c13998 698f326333fccb0050edabef63c386b6bb3ef2917460d9d2cd01466aca931410 6e55912b89e79469f6a0d8e73539998a1b1f9c44a676bcdf67ed167051e6b407 7b427a5d7cb28116f84cc2f5b850426275ad5a302f690dcf0b9eb74fd1700291 935b54ad81a8a1ba101d6b31e02b0ad74ec66ff09b98295bf3d50e1f377bb4cf ce864ad710f8e2c25e78acfa8d10d0599e572a67d0e3f42169a6a653b667975b eee0e0e3be71c4ad4e65e7f8a2f8a17dec0e7c68cd299297259b3fbb9f064b34

In one case (698f32...) the payload crashed and in the other cases the payload infected the system without extracing RSA keys or IPS.

scusi avatar Jan 21 '19 13:01 scusi

Hey, I am currently on a trip outside my country and I do not have access to the computer, would you mind contacting me by mail [email protected] or by twitter @D00RT_RM?

d00rt avatar Jan 28 '19 23:01 d00rt