  1. I’m left-handed and I’m using my right hand for mouse navigation; to be honest, I’ve never seen anyone using his mouse with the left hand…

  2. Yes, I found the same code :)
    I also found a strange/bugged implementation
    of RC4 used to encrypt/decrypt the strings:
    In the loop for generating the stream, the author seems to have done something like this:

    for(int i=0; i < len; i++) {
    i = i % 256;

    instead of
    i = (i + 1) % 256;

    Don’t know yet if it’s a feature or a bug ;)
    What do you think?

  3. Yes *asaperlo*, you are right about the RC4 implementation. The code is bugged if and only if the author wanted to implement the RC4 algorithm; otherwise we’ll have to study a new crypto algo :p
    Joking apart, it seems to be RC4, at least looking at the initialization part of the crypto algo; I think it’s an oversight but it’s pretty strange. There are some more funny things inside the malware (strange code implementation, virtual machine check), more in the next days… stay tuned.
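
The index quirk discussed in comments 2 and 3 matters for analysis because a stock RC4 routine will not decrypt strings produced by the variant. The following is an added example, not code from the thread or from the sample: it assumes one reading of the snippet (the loop counter is used as the index without the pre-increment, so the index starts at 0 instead of 1), and the key, the string and the names `ksa`, `rc4` and `demo` are constructed for illustration.

```python
def ksa(key: bytes) -> list:
    """Standard RC4 key scheduling (the thread says the init part looks like RC4)."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    return s


def rc4(key: bytes, data: bytes, pre_increment: bool = True) -> bytes:
    """pre_increment=True is textbook RC4; False models the assumed variant."""
    s = ksa(key)
    i = j = 0
    out = bytearray()
    for n, byte in enumerate(data):
        # Textbook: i = (i + 1) % 256, so the first index used is 1.
        # Assumed variant: i = n % 256, so the first index used is 0.
        i = (i + 1) % 256 if pre_increment else n % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) % 256])
    return bytes(out)


# Constructed sample input, not taken from any real binary.
KEY = b"constructed-key"
PLAINTEXT = b"constructed configuration string"


def demo():
    """Encrypt with the variant, then try both routines on the result."""
    blob = rc4(KEY, PLAINTEXT, pre_increment=False)
    with_variant = rc4(KEY, blob, pre_increment=False)
    with_textbook = rc4(KEY, blob, pre_increment=True)
    return with_variant, with_textbook


if __name__ == "__main__":
    variant, textbook = demo()
    print("variant routine :", variant)
    print("textbook routine:", textbook)
```

Only the routine that reproduces the quirk recovers the string, so a string-decryption script for such a sample has to copy the index handling from the disassembly rather than call a library RC4.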

