IDA Pro: IDC Script for Decrypting VB Obfuscated Malware

I was playing with a piece of malware with Jun Yee and we came across an obfuscated string in the VB code. The malware itself was written in Microsoft Visual Basic 6. It has a feature that allows the malware to overwrite itself after execution just to make it a bit stealthier. Additionally, the virus itself contains an obfuscated string . Thanks to Jun Yi for helping me decrypt it faster.

Binary Hash: A2904D4E6527278C94EAC1FB2B665572

Leave a Reply

Your email address will not be published. Required fields are marked *