A forum for reverse engineering, OS internals and malware analysis 

Forum for analysis and discussion about malware.
 #18145  by RoxinAz
 Mon Feb 11, 2013 10:18 am
Hi,
I'm analyzing stabuniq with MD5= f31b797831b36a4877aa0fd173a7a4a2
and it gets a cookie from "http://sovereutilizeignty.com/rssnews.php", but after that it checks "response=" and then decodes the extracted response string to some data. After decoding, it has some dynamic call relevant to these strings... Can anybody help with how it decodes the strings, or "what is the exact string to be patched?"
 #18147  by EP_X0FF
 Mon Feb 11, 2013 11:57 am
> I'm analyzing stabuniq with MD5= f31b797831b36a4877aa0fd173a7a4a2
I'm glad for you. Now wait for telepaths who can give you answers by looking at the MD5.