Skip to content

Commit

Permalink
Update README.md
Browse files Browse the repository at this point in the history
  • Loading branch information
@cecio
cecio authored Jan 10, 2021
1 parent cf18856 commit 68aa24d
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -142,7 +142,7 @@ All the strings are encrypted in a BLOB, located, in this particular dumped samp

![encrypted_blob](https://github.com/cecio/EMOTET-2020-Reversing/blob/main/pictures/encrypted_blob.png)

The green box is the XOR key and the yellow one is the length of the string. The function used to perform the decryption is the `__decrypt_buffer_string_FUN_10006aba` and `__decrypt_headers_footer_FUN_100033f4`
The **green** box is the XOR key and the **yellow** one is the length of the string. The function used to perform the decryption is the `__decrypt_buffer_string_FUN_10006aba` and `__decrypt_headers_footer_FUN_100033f4`

<img src="https://github.com/cecio/EMOTET-2020-Reversing/blob/main/pictures/Ghidra_6aba.PNG" alt="Ghidra_6aba" />

Expand Down

0 comments on commit 68aa24d

Please sign in to comment.