I recently obtained two botnet clients on my honeypot, and am trying to look at them with OllyDbg and IDA Pro to determine exactly what their capabilities are. I already know which IRC server they connect to, which port they use, and what channel they join. I would like to determine (through RCE) what their capabilities are. I noticed that there is an encrypted/encoded segment called .tr1p0d, which I believe holds the data that I want to look at. My question is: can I use something like OllyDump to decrypt/decode the segment and take a look at what it does? I'm pretty new to RCE and looking to start off with some real-world examples like these. If you're up for helping out, I can fire over a copy of the files I'm looking at, as well as the analysis I've done thus far. Thanks!
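A first triage step before reaching for a dumper is to confirm that the suspicious section really is packed or encrypted rather than just oddly named. The script below is an added example, not code from the poster or from any tool mentioned above: it walks the PE section table by hand (DOS header, PE signature, COFF header, section headers) and computes the Shannon entropy of each section's raw bytes. Compressed or encrypted data sits near 8 bits per byte, while ordinary x86 code is usually around 5 to 6.5. The sample binary it analyses is constructed inline (a minimal PE with a plain `.text` and a random-filled `.tr1p0d`); the section name and the 7.0 threshold are assumptions for illustration, and a real sample would be read from disk with `open(path, "rb").read()`.

```python
import math
import random
import struct
import sys
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte, 0.0 (constant) to 8.0 (uniformly random)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def parse_sections(pe: bytes):
    """Return (name, raw_offset, raw_size, virtual_address, raw_bytes) per section.

    Follows the PE layout: e_lfanew at 0x3C -> 'PE\\0\\0' -> 20-byte COFF header
    -> optional header (size at COFF+16) -> 40-byte section headers.
    """
    if pe[:2] != b"MZ":
        raise ValueError("not a PE file (missing MZ signature)")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    coff = e_lfanew + 4
    n_sections = struct.unpack_from("<H", pe, coff + 2)[0]
    opt_size = struct.unpack_from("<H", pe, coff + 16)[0]
    sec_table = coff + 20 + opt_size
    sections = []
    for i in range(n_sections):
        off = sec_table + 40 * i
        name = pe[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        _vsize, vaddr, rsize, rptr = struct.unpack_from("<IIII", pe, off + 8)
        sections.append((name, rptr, rsize, vaddr, pe[rptr:rptr + rsize]))
    return sections


def section_report(pe: bytes, threshold: float = 7.0):
    """(name, raw_size, entropy, likely_packed) for every section.

    The threshold is an assumed heuristic: high entropy is a hint that data is
    compressed or encrypted, not proof, and a short section can skew the value.
    """
    out = []
    for name, _, _, _, raw in parse_sections(pe):
        h = shannon_entropy(raw)
        out.append((name, len(raw), round(h, 2), h >= threshold))
    return out


def build_sample_pe() -> bytes:
    """Constructed stand-in for a sample: a minimal PE32 with a repetitive
    .text section and a random-filled .tr1p0d section. Not a real binary."""
    rng = random.Random(1234)
    text = b"\x55\x8b\xec\x90" * 256                      # 1 KiB, only 4 distinct bytes
    blob = bytes(rng.getrandbits(8) for _ in range(4096))  # 4 KiB that looks encrypted
    opt_size, e_lfanew = 0xE0, 0x40                       # PE32 optional header size
    coff = e_lfanew + 4
    sec_table = coff + 20 + opt_size
    text_off = (sec_table + 40 * 2 + 0x1FF) & ~0x1FF       # 0x200 file alignment
    blob_off = (text_off + len(text) + 0x1FF) & ~0x1FF
    buf = bytearray(blob_off + len(blob))
    buf[0:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, e_lfanew)
    buf[e_lfanew:e_lfanew + 4] = b"PE\0\0"
    # Machine=i386, NumberOfSections=2, timestamp/symbols=0, SizeOfOptionalHeader, Characteristics
    struct.pack_into("<HHIIIHH", buf, coff, 0x14C, 2, 0, 0, 0, opt_size, 0x102)
    struct.pack_into("<H", buf, coff + 20, 0x10B)          # PE32 magic

    def put_section(i, name, vaddr, off, data):
        base = sec_table + 40 * i
        buf[base:base + 8] = name.ljust(8, b"\0")
        struct.pack_into("<IIII", buf, base + 8, len(data), vaddr, len(data), off)
        buf[off:off + len(data)] = data

    put_section(0, b".text", 0x1000, text_off, text)
    put_section(1, b".tr1p0d", 0x2000, blob_off, blob)
    return bytes(buf)


if __name__ == "__main__":
    # Usage: python section_entropy.py [sample.exe]; without an argument the constructed PE is used.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    for name, size, ent, packed in section_report(data):
        print(f"{name:<10} {size:>8} bytes  entropy={ent:5.2f}  {'PACKED?' if packed else ''}")
```

A section flagged this way is the one to watch in a debugger: break after the unpacking stub has written it (for example on first execution of a page in that section), then dump. Checking entropy again on the dumped image tells you whether the decode actually happened before the dump was taken.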