in icedid/peloader/icedid_peloader.py [0:0]
def internal_decrypt(self, data: bytes, size: int, key: bytes) -> bytes:
outList = []
if size > 400:
log.info("size of data: %d", size)
for i in range(size):
x = i & 3
y = (i + 1) & 3
c = key[y * 4] + key[x * 4]
c = (c ^ data[i]) & 0xFF
outList.append(c.to_bytes(1, byteorder="little"))
key = self.fix_key(key, x * 4, y * 4)
return b"".join(outList)