Ahmet Bilal Can
Hi, surprised to see that apkid can't detect allatori. Here is what I know so far about allatori. There are 2 versions of it. Demo and commercial (?) one. Demo...
I don't think these are allatori. For string encryption allatori uses basic xor or makes use of stack trace. I didn't see any reflection+string encryption in malware samples for allatori....
242da7c595ae33780c85d8e916d62a5c9743478b7421b9b026abd56fbdaa56cb 92ae23580c83642ad0e50f19979b9d2122f28d8b3a9d4b17539ce125ae8d93eb I'm sure I've seen this obfuscator more on bankers but couldn't find more samples :(
Correct, function names like $test() $init() also fail. Somehow we need to change $init and $new too, that would break lots of scripts.
Is this out variable always a fixed size of 64 bits? It seems so, connecting it to buffer display always shows 8 bytes. A u32 typed variable shows 8 bytes. I...