Open nitram2342 opened 1 year ago
Windows provides functions for data encryption, mainly for the purpose of preserving confidentiality or for obfuscation of local-only files. Encrypted file have a distinct header, which is in hex:
01 00 00 00 D0 8C 9D DF 01 15 D1 11 8C 7A 00 C0 4F C2 97 EB
There is also a base64-encoded version of this, which can be found in text representations and which is:
AQAAANCMnd8BFdERjHoAwE/C...
Maybe these patterns can be added for detection.
Windows provides functions for data encryption, mainly for the purpose of preserving confidentiality or for obfuscation of local-only files. Encrypted file have a distinct header, which is in hex:
01 00 00 00 D0 8C 9D DF 01 15 D1 11 8C 7A 00 C0 4F C2 97 EB
There is also a base64-encoded version of this, which can be found in text representations and which is:
AQAAANCMnd8BFdERjHoAwE/C...
Maybe these patterns can be added for detection.