Closed AndreaNaspi closed 2 years ago
I'm analyzing a BlackMatter sample using the stackstack IDA pro plugin (SHA256: 22d7d67c3af10b1a37f277ebabe2d1eb4fd25afbd6437d4377400e148bcc08d6).
On certain encoded strings, like the following one, the "decode current" works well (first XOR-encoded string in sub_4095D6).
On other strings, the "decode current" makes IDA crash (first XOR-encoded string in sub_409750).
If needed I can share the sample in private.
I'm analyzing a BlackMatter sample using the stackstack IDA pro plugin (SHA256: 22d7d67c3af10b1a37f277ebabe2d1eb4fd25afbd6437d4377400e148bcc08d6).
On certain encoded strings, like the following one, the "decode current" works well (first XOR-encoded string in sub_4095D6).
On other strings, the "decode current" makes IDA crash (first XOR-encoded string in sub_409750).
If needed I can share the sample in private.