Hacker News
by Retr0spectrum 3318 days ago
From what I've seen, it isn't particularly well written. However, you're probably correct about the encryption being strong.

One of the reasons the infection rates are dropping off is that the malware had some kind of poorly implemented sandbox detection, where it would attempt to resolve a non-existent domain. However, now the domain has actually been registered by a researcher, so now every new infection thinks it's running in a sandbox.

This is the work of someone who doesn't really know what they're doing, and they probably copied a large chunk of the code from somewhere else.