Skip to content

Instantly share code, notes, and snippets.

@herrcore

herrcore/brazil_banker_string_decrypt.py

Created January 26, 2017 19:49
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save herrcore/c9cf29daf1ab4a83543e553e60f53dba to your computer and use it in GitHub Desktop.
Save herrcore/c9cf29daf1ab4a83543e553e60f53dba to your computer and use it in GitHub Desktop.
Download ZIP
String decryption for unknown Brazil banker trojan; packed:dc8a114965069f91081c2bb0b9a0e8635c1627648a9b599f573c35713724b204, unpacked: 96d4a0d59f27be9cceb1473cb3d5f4dc2863837a9dfd94f0dfeab20092ea6466
Raw
brazil_banker_string_decrypt.py
def decrypt_string(ctxt):
tbl = 'UmlXZEyNki880daneIlvAipdZ5Kz45FucTmGiIhYdbFHromzJjbisCtBCm'
ctxt_bin = ''
for i in re.findall('..',ctxt):
ctxt_bin += chr(int(i,16))
ptxt = ''
for i in range(0,len(ctxt_bin) - 1):
mut_chr = ord(ctxt_bin[i])
tmp_chr = ord(ctxt_bin[i+1]) ^ ord(tbl[i])
if mut_chr > tmp_chr:
ptxt += chr(0xff + tmp_chr - mut_chr)
else:
ptxt += chr(tmp_chr - mut_chr)
return ptxt
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment