Old backdoor, new obfuscation

(isc.sans.edu)

39 points | by kencausey 405 days ago

1 comment

  • yarg 402 days ago
    Surely this sort of crap is heuristically detectable?

        def opaque_fct_6_guXM09JTqW(opaque_fct_6_guXM09JTqW_0, opaque_fct_6_guXM09JTqW_1, opaque_fct_6_guXM09JTqW_2, opaque_fct_6_guXM09JTqW_3, opaque_fct_6_guXM09JTqW_4):
            if (opaque_fct_6_guXM09JTqW_1 > opaque_fct_6_guXM09JTqW_0):
                return True
            if (opaque_fct_6_guXM09JTqW_4 <= opaque_fct_6_guXM09JTqW_1):
                return True
            ...
            if (opaque_fct_6_guXM09JTqW_0 <= opaque_fct_6_guXM09JTqW_1):
                return True
            if (opaque_fct_6_guXM09JTqW_0 >= opaque_fct_6_guXM09JTqW_1):
                return False