Add Ice9Scan, which is decrpytion capability for Ice9 (Zeus derivative)

volatilityfoundation / community

Volatility plugins developed and maintained by the community

336 stars 144 forks source link

Add Ice9Scan, which is decrpytion capability for Ice9 (Zeus derivative) #42

Open jgru opened 3 years ago

jgru commented 3 years ago

This adds another class named Ice9Scan to ZeusScan/zeusscan.py. This new class provides the custom RC4 routine tailored to Ice9-malware, which is a slightly adapted Zeus derivative.