A few days ago a customer sent us a sample file. The code he sent us was using a very simple technique to obfuscate string constants by building them on the fly and using ‘xor’ to hide the string contents from static disassembly: The decompiler recovered most of the xor’ed values but some of them … Continue reading Deobfuscating xor’ed strings
↧