Ahmet Bilal Can

icon indicating a website link https://eybisi.run

icon company PRODAFT

Results 5 comments of Ahmet Bilal Can

Allatori 6.0 obfuscation

Hi, suprised to see that apkid can't detect allatori. Here is what I know so far about allatori. There are 2 version of it. Demo and commercial (?) one. Demo...

Allatori 6.0 obfuscation

I don't think these are allatori. For string encryption allatori use basic xor or make use of stack trace. I didn't see any reflection+string encryption in malware samples for allatori....

[DETECTION] Add rule for BlackObfuscator

242da7c595ae33780c85d8e916d62a5c9743478b7421b9b026abd56fbdaa56cb 92ae23580c83642ad0e50f19979b9d2122f28d8b3a9d4b17539ce125ae8d93eb I'm sure I've seen this obfuscator more on bankers but couldn't find more samples :(

Fix "$" method name is not handled correctly

Correct, function names like $test() $init() also fails. Somehow we need to change $init and $new too, that would break lots of script.

[Feature] Add ability to access Pattern data structures inside Data Processor

Does this out variable always fixed size of 64 bit ? It seems so, connecting it to buffer display always shows 8 bytes. u32 typed variable shows 8 bytes. I...