I was trying to de-obfuscate data created in a registry key by Kovter malware. I tried to use JSDetox but failed. Has anyone tried to do it? I appreciate any help to decode it. Thanks. I attached a sample.
There are not so many RegSetValueEx calls in the final payload. Probably you should bp at them. This malware is a container type: VB crypter -> Dropper with encrypted payload in resource -> Actual Delphi Kovter with some encrypted stuff in resource (probably cfg). So get the actual malware from the dropper and run it under a debugger.