def find_encrypted

def find_encrypted_config()

in icedid/peloader/icedid_peloader.py [0:0]

12 lines of code
5 McCabe index (conditional complexity)


    def find_encrypted_config(self, file_data: bytes) -> bytes | None:
        window = 0x25C
        for i in range(len(file_data) - window):
            buf = file_data[i : i + window]
            entropy_val = self.entropy(buf)
            if (
                entropy_val > 7.5
                and file_data[i - 1] == 0x00
                and file_data[i + window] == 0x00
            ):
                return buf
        return None