Taking down Gooligan: part 2 — inner workings
Elie
MARCH 17, 2018
This file is encrypted with a hardcoded XOR encryption function. This encryption is used to escape the signatures that detect the code that Gooligan borrows from previous malware. Encrypting a malicious payload is a very old malware trick that has been in use since at least 2011.
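The sketch below is an added example, not code from the original article or from Gooligan. It shows why a byte signature misses an XOR-wrapped file and how an analyst can strip the layer with a known-plaintext check against expected file headers. The repeating-key scheme, the candidate header set, the marker string and the key are all assumptions constructed for illustration.

```python
from itertools import cycle

# Leading bytes of formats an analyst might expect under the wrapper.
# Assumed candidate set: the page does not name the payload format.
MAGICS = {
    "dex": b"dex\n035\x00",
    "elf32-le": b"\x7fELF\x01\x01\x01" + b"\x00" * 9,
    "zip/apk": b"PK\x03\x04",
}

def xor(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR; the same call encodes and decodes."""
    return bytes(b ^ k for b, k in zip(data, cycle(key)))

def recover_key(blob: bytes, min_check: int = 2):
    """Known-plaintext recovery: keystream = ciphertext XOR expected header.
    Returns (format, key) or None. An all-zero key means no XOR layer."""
    for name, magic in MAGICS.items():
        head = blob[:len(magic)]
        if len(head) < len(magic):
            continue
        stream = xor(head, magic)
        # Shortest key first; min_check header bytes stay free to confirm it.
        for klen in range(1, len(magic) - min_check + 1):
            if xor(head, stream[:klen]) == magic:
                return name, stream[:klen]
    return None

# Constructed sample: fake DEX header, padding and a marker string, wrapped
# with a made-up 3-byte key. Neither marker nor key comes from Gooligan.
SIGNATURE = b"EXAMPLE-KNOWN-BAD-MARKER"
PLAIN = MAGICS["dex"] + b"\x00" * 24 + SIGNATURE
WRAPPED = xor(PLAIN, b"\x5a\x13\xc7")

def scan(blob: bytes) -> dict:
    """Byte-signature check before and after removing a recovered XOR layer."""
    hit = recover_key(blob)
    name, key = hit if hit else (None, None)
    unwrapped = xor(blob, key) if key else blob
    return {"format": name, "key": key,
            "raw_hit": SIGNATURE in blob,
            "unwrapped_hit": SIGNATURE in unwrapped}

if __name__ == "__main__":
    print(scan(WRAPPED))
```

Because the key is hardcoded and the header of the wrapped format is predictable, the layer defeats static byte signatures but not an analyst or an unpacking scanner.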