XOR’d with key of 0x6a (Credit goes to Paul Bobby and his EnCase EnScript at http://www.paulbobby.com/temp/BUP-Parse.EnScript) Knowing that, one could use 7-zip to extract the BUP file into its corresponding files, then use your favourite editor (XVI32 will work fine) to XOR the File_0. WARNING: XORing will give you back the offending malware that triggered the McAfee quarantine...
Latest Story
new OpenBSD 4.6 installer is quite an improvement over previous versions
PandaLabs cracks TotalSecurity2009
What I don't agree with is the approach PandaSecurity decided to take with this piece of ransomware. Instead of advising users on a proper cleanup procedure, they suggest registering this software using the serial numbers PandaSecurity has gleaned from the malware itself.
How do you detect changes in individual NTFS Alternate Data Streams?
Alternate Data Streams exist in NTFS. Most utilities only seem to use the main stream to calculate checksums. Changes to alternate streams do not result in changes to the...
SysMonthCal32 control behaviour changed starting with Vista
When the control is activated, current day of the month is selected. But when you click Next Month arrow in the control, currently selected date changes to the first...