STEP 3: MEET THE VICTIM
Alright, now everything is set up and ready. All John needs to do is grab Bimaβs phone, click the Continue button on his phone, read SMS inbox message sent by Facebook (the reset code) on Bimaβs phone, remember it and delete the message in a single fraction of time, quickly.
This plan sticks into his head while he is now walking to the canteen. John put his phone in his pocket. He entered the canteen area, looking for Bima. He turned his head left to right figuring out where the heck is Bima. As usual he is in the corner seat, waving his hand to John, he was ready with his meal.
Immediately John takes a small portion of meal this noon, and comes close to the table with Bima. He says hi to Bima, and then they eat together. While eating, John looks around, he notices Bimaβs phone is on the table.
After they finish lunch, they are talking about each others day. As usual, until, then, at one point John open a new topic about phones. John tells him, that John needs a new phone, and John needs his advice about which phone is suited for John. Then he asked about Bimaβs phone, he asked everything, the model, the specs, everything. And then John asks him to try his phone, John acts like he is really a customer looking for a phone. Johnβs left hand grabs his phone with his permission, while his right hand is under the table, preparing to open his own phone. John sets his attention on his left hand, his phone, John talked so much about his phone, its weight, its speed and so on.
Now, John begins the Attack with turning off Bimaβs phone ring tone volume to zero, to prevent him from recognizing if a new notification comes in. Johnβs left hand still has his attention, while his right hand is actually pressing the Continue button. As soon as John pressed the button, the message comes in.
Alright, now everything is set up and ready. All John needs to do is grab Bimaβs phone, click the Continue button on his phone, read SMS inbox message sent by Facebook (the reset code) on Bimaβs phone, remember it and delete the message in a single fraction of time, quickly.
This plan sticks into his head while he is now walking to the canteen. John put his phone in his pocket. He entered the canteen area, looking for Bima. He turned his head left to right figuring out where the heck is Bima. As usual he is in the corner seat, waving his hand to John, he was ready with his meal.
Immediately John takes a small portion of meal this noon, and comes close to the table with Bima. He says hi to Bima, and then they eat together. While eating, John looks around, he notices Bimaβs phone is on the table.
After they finish lunch, they are talking about each others day. As usual, until, then, at one point John open a new topic about phones. John tells him, that John needs a new phone, and John needs his advice about which phone is suited for John. Then he asked about Bimaβs phone, he asked everything, the model, the specs, everything. And then John asks him to try his phone, John acts like he is really a customer looking for a phone. Johnβs left hand grabs his phone with his permission, while his right hand is under the table, preparing to open his own phone. John sets his attention on his left hand, his phone, John talked so much about his phone, its weight, its speed and so on.
Now, John begins the Attack with turning off Bimaβs phone ring tone volume to zero, to prevent him from recognizing if a new notification comes in. Johnβs left hand still has his attention, while his right hand is actually pressing the Continue button. As soon as John pressed the button, the message comes in.
Ding.. No sounds. Bima has not recognized the incoming message because the monitor is facing John. John immediately opens the message, reads and remembers the 6 Digit Pin in the SMS, and then deletes it soon. Now he is done with Bimaβs phone, John gives Bimaβs phone back to him while Johnβs right hand takes his own phone out and starts typing immediately the 6 Digit Pin he just remembered.
Then John presses Continue. The new page appears, it asked whether he wants to make new password or not.
John will not change the password because he is not evil. But, he now has Bimaβs facebook account. And he has succeed with his mission.
As you can see, the scenario seems so simple, but hey, how easily you could grab and borrow your friendsβ phone? If you correlate to the hypothesis by having your friendsβ phone you can get whatever you want, badly.
As you can see, the scenario seems so simple, but hey, how easily you could grab and borrow your friendsβ phone? If you correlate to the hypothesis by having your friendsβ phone you can get whatever you want, badly.
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦PyPI official warehouse was poisoned by request malicious package, Tencent Security provides a comprehensive solution
> onion anti-intrusion system detected that the official PyPI warehouse was maliciously uploaded with request phishing packages. The attackers used the phishing packages to steal user sensitive information and digital currency keys, plant persistent backdoors, and remote control. Tencent Security Threat Intelligence Center reviewed this software supply chain attack and found that some users have been recruited.
> Overview
On August 5th, Tencent Onion Anti-Intrusion System detected that the official PyPI warehouse was maliciously uploaded with request phishing packages. The attackers used the phishing packages to steal user sensitive information and digital currency keys, plant persistent backdoors, and remote control. activity. Tencent Security Threat Intelligence Center reviewed this software supply chain attack and found that some users have been recruited.
> When the user installs the requests package, it is easy to mistype the name as request. As a result, it will be installed as a request malicious package using pip. Due to the popularity of the requests library and a large amount of downloads, some users have been infected by incorrectly inputting the package name.
> Since the domestic open source mirror sites are synchronized with the official PyPI warehouse, the problem will not only pass through the official warehouse, but may also affect a wider range through various open source mirror sites. Tencent Security Emergency Response Center (TSRC) recommends that all open source mirror sites and companies that rely on open source mirror sites self-check and deal with them as soon as possible to ensure that malicious libraries are removed and user systems are safe.
#News
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦PyPI official warehouse was poisoned by request malicious package, Tencent Security provides a comprehensive solution
> onion anti-intrusion system detected that the official PyPI warehouse was maliciously uploaded with request phishing packages. The attackers used the phishing packages to steal user sensitive information and digital currency keys, plant persistent backdoors, and remote control. Tencent Security Threat Intelligence Center reviewed this software supply chain attack and found that some users have been recruited.
> Overview
On August 5th, Tencent Onion Anti-Intrusion System detected that the official PyPI warehouse was maliciously uploaded with request phishing packages. The attackers used the phishing packages to steal user sensitive information and digital currency keys, plant persistent backdoors, and remote control. activity. Tencent Security Threat Intelligence Center reviewed this software supply chain attack and found that some users have been recruited.
> When the user installs the requests package, it is easy to mistype the name as request. As a result, it will be installed as a request malicious package using pip. Due to the popularity of the requests library and a large amount of downloads, some users have been infected by incorrectly inputting the package name.
> Since the domestic open source mirror sites are synchronized with the official PyPI warehouse, the problem will not only pass through the official warehouse, but may also affect a wider range through various open source mirror sites. Tencent Security Emergency Response Center (TSRC) recommends that all open source mirror sites and companies that rely on open source mirror sites self-check and deal with them as soon as possible to ensure that malicious libraries are removed and user systems are safe.
#News
β β β Uππ»βΊπ«Δπ¬πβ β β β
Forwarded from Backup Legal Mega
π¦Certified Jenkins Engineer (CJE) β2.15 GB β
https://mega.nz/folder/Dd8jUaRC#-UWy27KxsPmJoL6ADSzBTg
https://mega.nz/folder/Dd8jUaRC#-UWy27KxsPmJoL6ADSzBTg
mega.nz
2.15 GB folder on MEGA
39 files and 9 subfolders
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Some good mods apk :
> netflix mod apk
https://t.me/UnderCodeTesting/7272
> Spootify mod apk
https://apkmody.io/apps/spotify-premium-apk
> https://apkmody.io/apps/textnow-premium-mod-apk
> Textnow mod apk
https://apkmody.io/apps/textnow-premium-mod-apk
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Some good mods apk :
> netflix mod apk
https://t.me/UnderCodeTesting/7272
> Spootify mod apk
https://apkmody.io/apps/spotify-premium-apk
> https://apkmody.io/apps/textnow-premium-mod-apk
> Textnow mod apk
https://apkmody.io/apps/textnow-premium-mod-apk
β β β Uππ»βΊπ«Δπ¬πβ β β β
Telegram
UNDERCODE TESTING
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦HOW HACK/MOD AN ANDROID APK ?
1) Any decompilation of the Android application can freely customize any unreinforced APK installation package, can modify the application icon and application name, replace any text and pictures on the interface, translate or Chinese-made multi-language version, It also supports cracking of application software through advanced SMALI code.
2) It has a large number of templates for Android applications and games to facilitate decompilation. Provide a large number of the latest and most complete applications as customized templates. You can directly download and perform reverse engineering, cracking, modification, viewing source code, viewing installation package information and other operations (partial The application cannot be reverse-engineered temporarily due to reinforcement.
3) Provide multi-channel packaging function. Use the packaged APK installation package as a template. After decompilation, dynamically modify the configuration file or the channel logo in the SMALI code to achieve batch re-multi-channel packaging. Because it is not source code level packaging, it is greatly Improve the speed and efficiency of batch packaging.
4) Providing random package name and application name packaged functionality for adult theaters, adult games, APP , they would often be mobile security software and mobile butler class reported virus software that case, you can randomly from time through this function to replace the package name and application name repackaging, Coupled with the web download program, users can download the latest installation package in real time, avoiding the situation of reporting poison .
5) View the source code of the Android application at will
After decompiling the APK installation package, the source code is obtained by de-mapping. The JAVA code obtained by decompilation is suitable for analyzing the source code and viewing the internal logic of the application. Decompilation is not allowed. The decompilation project can only be modified based on the SMALI code.
6) Built-in many Android application decompilation tools
The software also provides a large number of small tools to view the installation package information, and can view mobile phone information, real-time logs, install and manage mobile phone applications, manage mobile phone files, etc. when the mobile phone is connected to the computer. Directly customize and modify the installed applications on the phone.
π¦Decompilation process:
1) Select an apk saved on the hard disk locally to start decompiling, or you can select an application from the application template to decompile
2) Modify the application icon, application name, parameters and version number
3) Modify any picture on the application interface
4) Add or delete app permissions
5) Add language support, localize or modify any string on the interface
6) Modify the code logic, realize the cracking of members, add functions or hide functions, you need to understand the basic code knowledge of smali
7) Search and replace keywords, you can change the text in the application to your own, is it cool?
8) Add small plug-ins, add pop-up registration code, pop-up message box, etc. on any interface of any application, is it very dragging?
10) After everything is changed, pack it on your phone and see the result
E N J O Y β€οΈππ»
@UndercodeTesting
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦HOW HACK/MOD AN ANDROID APK ?
1) Any decompilation of the Android application can freely customize any unreinforced APK installation package, can modify the application icon and application name, replace any text and pictures on the interface, translate or Chinese-made multi-language version, It also supports cracking of application software through advanced SMALI code.
2) It has a large number of templates for Android applications and games to facilitate decompilation. Provide a large number of the latest and most complete applications as customized templates. You can directly download and perform reverse engineering, cracking, modification, viewing source code, viewing installation package information and other operations (partial The application cannot be reverse-engineered temporarily due to reinforcement.
3) Provide multi-channel packaging function. Use the packaged APK installation package as a template. After decompilation, dynamically modify the configuration file or the channel logo in the SMALI code to achieve batch re-multi-channel packaging. Because it is not source code level packaging, it is greatly Improve the speed and efficiency of batch packaging.
4) Providing random package name and application name packaged functionality for adult theaters, adult games, APP , they would often be mobile security software and mobile butler class reported virus software that case, you can randomly from time through this function to replace the package name and application name repackaging, Coupled with the web download program, users can download the latest installation package in real time, avoiding the situation of reporting poison .
5) View the source code of the Android application at will
After decompiling the APK installation package, the source code is obtained by de-mapping. The JAVA code obtained by decompilation is suitable for analyzing the source code and viewing the internal logic of the application. Decompilation is not allowed. The decompilation project can only be modified based on the SMALI code.
6) Built-in many Android application decompilation tools
The software also provides a large number of small tools to view the installation package information, and can view mobile phone information, real-time logs, install and manage mobile phone applications, manage mobile phone files, etc. when the mobile phone is connected to the computer. Directly customize and modify the installed applications on the phone.
π¦Decompilation process:
1) Select an apk saved on the hard disk locally to start decompiling, or you can select an application from the application template to decompile
2) Modify the application icon, application name, parameters and version number
3) Modify any picture on the application interface
4) Add or delete app permissions
5) Add language support, localize or modify any string on the interface
6) Modify the code logic, realize the cracking of members, add functions or hide functions, you need to understand the basic code knowledge of smali
7) Search and replace keywords, you can change the text in the application to your own, is it cool?
8) Add small plug-ins, add pop-up registration code, pop-up message box, etc. on any interface of any application, is it very dragging?
10) After everything is changed, pack it on your phone and see the result
E N J O Y β€οΈππ»
@UndercodeTesting
β β β Uππ»βΊπ«Δπ¬πβ β β β
Forwarded from Backup Legal Mega
π¦aniother pack 2019-2020 courses :
> Linux+ LPIC Level 1 Exam 2
https://mega.nz/folder/7RsBXLSL#rhgbS_lluxFe4SnM_i2IpQ
> Linux+ LPIC Level 1 Exam 1
https://mega.nz/folder/OMtxVTYa#8tpp1GKr4wBdbEiGok_9Fg
> Nagios Certified Professional
https://mega.nz/folder/PF1X0TjJ#4fuurLsqxts3F09goNOpAA
> Introduction to Linux with Ubuntu 14 Desktop
https://mega.nz/folder/XN1hmZiT#JpGvI4Tp-sRtZ26FrBij8w
> Linux+ LPIC Level 1 Exam 2
https://mega.nz/folder/7RsBXLSL#rhgbS_lluxFe4SnM_i2IpQ
> Linux+ LPIC Level 1 Exam 1
https://mega.nz/folder/OMtxVTYa#8tpp1GKr4wBdbEiGok_9Fg
> Nagios Certified Professional
https://mega.nz/folder/PF1X0TjJ#4fuurLsqxts3F09goNOpAA
> Introduction to Linux with Ubuntu 14 Desktop
https://mega.nz/folder/XN1hmZiT#JpGvI4Tp-sRtZ26FrBij8w
mega.nz
File folder on MEGA
Forwarded from Backup Legal Mega
π¦Updated Profession Linux & commands :
1) Command Line Basics
https://mega.nz/folder/WZ0TzJCR#OCszFzyRzdM2ZLZeHfzLGA
2) Finding Files In Linux
https://mega.nz/folder/LYtlQRJR#NW8ldVIRJeFM31otzztw5A
3) Use Streams, Pipes, Redirects, Grep and Cut!
https://mega.nz/folder/LYtlQRJR#NW8ldVIRJeFM31otzztw5A
4) Advanced Commands And Examples
https://mega.nz/folder/WQsnQDaR#_AeS6Wvj0TgKhEr42tZPKA
E N J O Y β€οΈππ»
1) Command Line Basics
https://mega.nz/folder/WZ0TzJCR#OCszFzyRzdM2ZLZeHfzLGA
2) Finding Files In Linux
https://mega.nz/folder/LYtlQRJR#NW8ldVIRJeFM31otzztw5A
3) Use Streams, Pipes, Redirects, Grep and Cut!
https://mega.nz/folder/LYtlQRJR#NW8ldVIRJeFM31otzztw5A
4) Advanced Commands And Examples
https://mega.nz/folder/WQsnQDaR#_AeS6Wvj0TgKhEr42tZPKA
E N J O Y β€οΈππ»
mega.nz
File folder on MEGA
Forwarded from UNDERCODER
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
ALL GOOD CHECKERS
π¦Spootify & more :
> https://checkz.net/tools/spotify-account-checker
> https://github.com/Xpykerz/Spotify-Checker
π¦NETFLIX CHECKER ON GITHUB
https://github.com/AbdeslemSmahi/NetflixChecker
Features:
Python 3.x
Simple readable code
Mass Accounts checker
Combolist support
HTTP Proxy Support
π¦2020 cc checkers :
> http://necteknoloji.com/bh7cmz/checker-cc.html
> https://www.freeformatter.com/credit-card-number-generator-validator.html
> https://www.creditcards.com/
> http://mde.com.vn/hnragku/eldersc0de-checker.html
\π¦BIGGEST COLLECTION OF CHECKERS
https://mega.nz/#F!ZrAlgYRB!FxAbl6lCbEKafkkNm4J-3g
πSteam Checker
https://mega.nz/#F!Ui4nxZaB!1cG90VM6QIJaNpImnyNUBg
πGmail Checker
https://mega.nz/#F!R7pznRBb!Xicc7uBYhLrEZ7LQKqPR5w
πEbay Checker
https://mega.nz/#F!FzgQ1ZKK!aq4wyqjpYkRvbZJzIyJwqg
πPSN Checker
https://mega.nz/#F!xzRhQDRZ!fCwrExaL_rbZoV9HZqbTJA
πSkype Checker
https://mega.nz/#F!RmJjDD7C!ETsOJjw0qe-e9StFbSdnfA
πDirect Tv Checker
https://mega.nz/#F!RyZVXJwb!oW0YfM_hkd4rv880_PC6lA
πInstagram Checker
https://mega.nz/#F!FnATESTZ!qux4N4fYy3v__aO1y6ZcXw
πOrigin Checker
https://mega.nz/#F!Nm5HyT6b!BxNl7TGp0zMY5uFK66ADoA
πUplay Checker
https://mega.nz/#F!EnJllRjB!zcQlw2c3FTeeYS8F3rnneg
πNFL Checker
https://mega.nz/#F!1igCSQLZ!XIWhHhAMdt8hMwzqGe0BFg
πNBA checker
https://mega.nz/#F!MiYkGQJI!iS1oNC5OILBgmXqxy1Wqxw
πHulu Checker
https://mega.nz/#F!06IGSLJA!pE_gPS-zXPH9-sBHaenAWQ
πHBO Checker
https://mega.nz/#F!Vuol1RjJ!p3upMORnPj_yK0tzuM8Bew
πSpotify Checker
https://mega.nz/#F!MrIxzLRb!MrvGM93IoBZNrUqcyd13ZQ
πMinecraft Checker
https://mega.nz/#F!VnYExALD!Gq6s0wcWHBGasqVf7R4VvQ
πFaceBook Checker
https://mega.nz/#F!BqgVCK4Y!wNUr88nr6kXCKQ5C4IMB1Q
πCrunchyroll Checker
https://mega.nz/#F!piwjWZrb!9rOOXFXrSdIqC1EcDsDCjw
πNetflix Checker
https://mega.nz/#F!djxXyIAB!Nif0xPb6QZvGuXctLY6CIQ
U S E F O R L E A R N
E N J O Y β€οΈππ»
@UndercodeTesting
β β β Uππ»βΊπ«Δπ¬πβ β β β
ALL GOOD CHECKERS
π¦Spootify & more :
> https://checkz.net/tools/spotify-account-checker
> https://github.com/Xpykerz/Spotify-Checker
π¦NETFLIX CHECKER ON GITHUB
https://github.com/AbdeslemSmahi/NetflixChecker
Features:
Python 3.x
Simple readable code
Mass Accounts checker
Combolist support
HTTP Proxy Support
π¦2020 cc checkers :
> http://necteknoloji.com/bh7cmz/checker-cc.html
> https://www.freeformatter.com/credit-card-number-generator-validator.html
> https://www.creditcards.com/
> http://mde.com.vn/hnragku/eldersc0de-checker.html
\π¦BIGGEST COLLECTION OF CHECKERS
https://mega.nz/#F!ZrAlgYRB!FxAbl6lCbEKafkkNm4J-3g
πSteam Checker
https://mega.nz/#F!Ui4nxZaB!1cG90VM6QIJaNpImnyNUBg
πGmail Checker
https://mega.nz/#F!R7pznRBb!Xicc7uBYhLrEZ7LQKqPR5w
πEbay Checker
https://mega.nz/#F!FzgQ1ZKK!aq4wyqjpYkRvbZJzIyJwqg
πPSN Checker
https://mega.nz/#F!xzRhQDRZ!fCwrExaL_rbZoV9HZqbTJA
πSkype Checker
https://mega.nz/#F!RmJjDD7C!ETsOJjw0qe-e9StFbSdnfA
πDirect Tv Checker
https://mega.nz/#F!RyZVXJwb!oW0YfM_hkd4rv880_PC6lA
πInstagram Checker
https://mega.nz/#F!FnATESTZ!qux4N4fYy3v__aO1y6ZcXw
πOrigin Checker
https://mega.nz/#F!Nm5HyT6b!BxNl7TGp0zMY5uFK66ADoA
πUplay Checker
https://mega.nz/#F!EnJllRjB!zcQlw2c3FTeeYS8F3rnneg
πNFL Checker
https://mega.nz/#F!1igCSQLZ!XIWhHhAMdt8hMwzqGe0BFg
πNBA checker
https://mega.nz/#F!MiYkGQJI!iS1oNC5OILBgmXqxy1Wqxw
πHulu Checker
https://mega.nz/#F!06IGSLJA!pE_gPS-zXPH9-sBHaenAWQ
πHBO Checker
https://mega.nz/#F!Vuol1RjJ!p3upMORnPj_yK0tzuM8Bew
πSpotify Checker
https://mega.nz/#F!MrIxzLRb!MrvGM93IoBZNrUqcyd13ZQ
πMinecraft Checker
https://mega.nz/#F!VnYExALD!Gq6s0wcWHBGasqVf7R4VvQ
πFaceBook Checker
https://mega.nz/#F!BqgVCK4Y!wNUr88nr6kXCKQ5C4IMB1Q
πCrunchyroll Checker
https://mega.nz/#F!piwjWZrb!9rOOXFXrSdIqC1EcDsDCjw
πNetflix Checker
https://mega.nz/#F!djxXyIAB!Nif0xPb6QZvGuXctLY6CIQ
U S E F O R L E A R N
E N J O Y β€οΈππ»
@UndercodeTesting
β β β Uππ»βΊπ«Δπ¬πβ β β β
GitHub
GitHub - Xpykerz/Spotify-Checker: Mass Spotify Accounts Checker
Mass Spotify Accounts Checker. Contribute to Xpykerz/Spotify-Checker development by creating an account on GitHub.
π¦Follow Undercode Testing on :
> Twitter
> Twitter
> instagram
> Facebook
> Pinterest
> Linkedln
> Youtube
> Telegram
> Linkedln
> Youtube
> Telegram
Twitter
UNDERCODE TESTING {TRAINING} (@UndercodeTrain) | Twitter
The latest Tweets from UNDERCODE TESTING {TRAINING} (@UndercodeTrain). Expert Hacking | Training | Security | Hosting & much more ... @UndercodeNews @UndercodeTrain @iUndercode @DailyCve. Lebanon
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦The blackmailer virus VirLocker strikes again? How to prevent VirLocker virus (with recovery guide included)
#FastTips
1) VirLocker's polymorphic function
VirLocker's changeable capabilities make everyone a headache, researchers, victims, security companies, etc. Every time VirLocker adds itself to a file, in fact the file is different from other versions of itself in many ways. VirLocker can add "pseudo-code" to some parts of itself to make the files different. It can use different APIs in the main loader of the malware to avoid partial fingerprint recognition. It can use different XOR and ROL seeds to make the files available. The encrypted content of the executable file is completely different and so on. This level of polymorphism makes it very difficult to handle.Even when the decompression stub in each file is different, it is usually used to identify each variant, it only leaves behavior and heuristics as a feasible detection method.
2) if the payload stub can be different in each creation request, and the encryption code is always seeded differently, the embedded original file will of course always be different. It depends on the file it attacks, and the resource is just a small icon of the original file it attacks. This leaves very little suitable for testing.
3) The execution of VirLocker is by no means simple. Compared with the blackmailer virus scenario that we have seen in a single case, it truly reflects multiple types of protection. When the infection is executed, the FUD wrapper (which can be polymorphic in some respects itself) unpacks the first decryption function mixed with Base64 and XOR and is always seeded differently. This new decryption function then decrypts another new decryption function mixed with XOR/ROL and is always seeded differently.
E N J O Y β€οΈππ»
@UndercodeTesting
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦The blackmailer virus VirLocker strikes again? How to prevent VirLocker virus (with recovery guide included)
#FastTips
1) VirLocker's polymorphic function
VirLocker's changeable capabilities make everyone a headache, researchers, victims, security companies, etc. Every time VirLocker adds itself to a file, in fact the file is different from other versions of itself in many ways. VirLocker can add "pseudo-code" to some parts of itself to make the files different. It can use different APIs in the main loader of the malware to avoid partial fingerprint recognition. It can use different XOR and ROL seeds to make the files available. The encrypted content of the executable file is completely different and so on. This level of polymorphism makes it very difficult to handle.Even when the decompression stub in each file is different, it is usually used to identify each variant, it only leaves behavior and heuristics as a feasible detection method.
2) if the payload stub can be different in each creation request, and the encryption code is always seeded differently, the embedded original file will of course always be different. It depends on the file it attacks, and the resource is just a small icon of the original file it attacks. This leaves very little suitable for testing.
3) The execution of VirLocker is by no means simple. Compared with the blackmailer virus scenario that we have seen in a single case, it truly reflects multiple types of protection. When the infection is executed, the FUD wrapper (which can be polymorphic in some respects itself) unpacks the first decryption function mixed with Base64 and XOR and is always seeded differently. This new decryption function then decrypts another new decryption function mixed with XOR/ROL and is always seeded differently.
E N J O Y β€οΈππ»
@UndercodeTesting
β β β Uππ»βΊπ«Δπ¬πβ β β β