[Vol-users] decrypting the zeus config file

malware monna malware.monna at gmail.com
Tue Apr 3 16:47:06 CDT 2012


Hi,

I'm using the zeusscan2 module against a Zeus-infected memory dump. I'm able to
get the RC4 keys and XOR keys as mentioned in this link:
http://mnin.blogspot.in/2011/09/abstract-memory-analysis-zeus.html
I have also downloaded the Zeus config file that this sample tried to
download. Knowing this information, is it possible to decrypt the config
file? If yes, how can I decrypt the config file, or what are the steps to
decrypt the config file? And I think the zeusscan plugin is really
awesome (thanks, Michael, for writing such a great plugin, it's really
useful).


Thanks,