A forum for reverse engineering, OS internals and malware analysis 

Ask your beginner questions here.
 #7012  by EX!
 Fri Jul 01, 2011 7:58 pm
Hi!

As I’m new to RE, I am analyzing some samples of SpyEye. I’d like to know where the config.bin passwords are saved in V1.3. Could you please assist me with that issue?

Thanks and best regards.
:D
 #7014  by EP_X0FF
 Sat Jul 02, 2011 1:30 am
Hello,

After you remove crypters and packers, all data will be in the following resources:

S1 - code used for dropper self-deletion
S2 - code used to collect some system info
C1 - trojan basic settings
C2 - xored config.bin
C3 - password