What is encryption software used by Antti Tikkanen?

Arduinu

I watched on TV a couple of days ago, Prisma Studio program and I would like to know what program Antti Tikkanen used decryption?

Janiashvili

who the hell is Antti Tikkanen?..

 

 

 

 

MJ-perComp

This is Antti!

 

http://fi.linkedin.com/in/tikkanen

Arduinu

It would be nice if I could get the name of the program, so that I could research a computer that is full of viruses.

MJ-perComp

When was it exactly?

please check here http://www.katsomo.fi/?treeId=33001005

 

Arduinu

It doesn't  come from the MTV3 it came YLE view it here : http://areena.yle.fi/video/1320346677150   look forward 11.10.

MJ-perComp

Does not show outside Suomi....

 

I guess we need to wait for Antti to reply himself...

Arduinu

I take screenshot, Yle have bad quality on internet videos.

 

 

 

 

Janiashvili

oh my bad

 

 

sorry about Antti what I said...

AnttiT

Hi!

 

In your screenshot I'm decrypting an embedded, encrypted program from the original sample. The tool you see is Immunity Debugger (http://immunityinc.com/products-immdbg.shtml). However, it isn't quite as straightforward as taking a malware sample and asking Immunity Debugger to decrypt it. In this case, I analyzed the sample a bit and found the decryption loop, and what you see is me stepping the malware though this loop. So you actually need to understand a bit about how the malware in question works to do this.

 

The other tool you see in the clip is the HIEW hex editor (http://www.hiew.ru/). I used it to decrypt the URL in the sample. For this to work, I had to reverse engineer the sample to recover the decryption routine. I then implemented the routine into HIEW to decrypt the string.

 

Hope this helps,

Antti

Arduinu

That help, but i got those programs names after your reply, because Prisma Studio was shown again today and i save it and look programs names, but still thanks. 

 

Ps. I am 15 years old boy from Finland

Janiashvili

haha, congrats!