This blog post shows how malware authors use Adobe Flash files to hide their creations' 'sensitive' data. I'll be using 2 recent Neutrino EK samples and 1 FlashPack malvertising sample to demonstrate it. In the case of Neutrino EK, our goal will be the extraction and decryption of its configuration file; in the malvertising case, we'll be after the initial payload URL and the exploit shellcode.
More here: http://malwageddon.blogspot.in/2015/03/data-obfuscation-now-you-see-me-now-you.html