[Vol-users] decrypting the zeus config file
malware.monna at gmail.com
Tue Apr 3 16:47:06 CDT 2012
I'm using zeusscan2 module against a zeus infected memory dump, i'm able to
get the rc4 keys and xor keys as mentioned in this link "
have also downloaded the zeus config file, that this sample tried to
download, knowing this information, is it possible to decrypt the config
file, if yes, how can i decrypt the config file or what are the steps to
decrypt the config file?....and i think the zeuscan plugin is really
awesome (Thanks Michael for writing such a great plugin, its really
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Vol-users