Skip to content

Instantly share code, notes, and snippets.

@mak

mak/dridex_decode.py

Created November 17, 2015 07:57
Show Gist options
  • Star 1 You must be signed in to star a gist
  • Fork 2 You must be signed in to fork a gist
  • Save mak/dccb5f579a3d1e0b0180 to your computer and use it in GitHub Desktop.
Save mak/dccb5f579a3d1e0b0180 to your computer and use it in GitHub Desktop.
Download ZIP
Decode dridex strings
Raw
dridex_decode.py
def dridex_decode_name(addr,idx,delm="\x00"):
addr += 8; tmp = ''; j = 0
xkey = GetManyBytes(addr,8)
for i in range(idx+1):
tmp = ''
while not tmp.endswith(delm):
tmp += chr(ord(xkey[j%8]) ^ Byte(addr+8+j))
j+=1
return tmp.strip(delm)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment