FOREWORD:
- Pandora's code is obfuscated and convoluted, so this analysis does not cover all of its functions.
- I'm not a crypto expert, so I won't dive into Pandora's functions such as generating the encryption key, creating the threads that perform its main task of encrypting files, or writing the file footer.
- During malware code analysis, I found that Pandora and Rook ransomware (https://chuongdong.com/reverse%20engineering/2022/01/06/RookRansomware) shared a lot of similarities.
1. Pandora sample
The analyzed sample is a 64-bit executable: 0c4a84b66832a08dccc42b478d9d5e1b