Registry Keys ROT13 Encrypted?

Ask your beginner questions here.
Post Reply
waffles2.0
Posts: 28
Joined: Mon Aug 01, 2016 9:49 am

Registry Keys ROT13 Encrypted?

Post by waffles2.0 » Mon Sep 12, 2016 8:03 am

Hi,

When I was inspecting the registry changes made by the current Locky version I noticed that some of the registry keys appeared to be encrypted. After some more digging I identified it as ROT 13. Apparently, this is standard for some keys within UserAssist (HKU\S-1-5-21-314102926-3488232575-4191849433-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist).

Can anyone give me some insight on if this is standard practice in the registry and why it would be encrypted?

Thanks.

User avatar
EP_X0FF
Global Moderator
Posts: 4884
Joined: Sun Mar 07, 2010 5:35 am
Location: Russian Federation
Contact:

Re: Registry Keys ROT13 Encrypted?

Post by EP_X0FF » Mon Sep 12, 2016 2:25 pm

Ring0 - the source of inspiration

waffles2.0
Posts: 28
Joined: Mon Aug 01, 2016 9:49 am

Re: Registry Keys ROT13 Encrypted?

Post by waffles2.0 » Mon Sep 12, 2016 2:44 pm

Ah okay thank you, too bad he can't explain why they are ROT13 encrypted either!

Post Reply