Michael Gillespie on Twitter: "@fbgwls245 @BleepinComputer @Amigo_A_ @siri_urz @malwrhunterteam Idiots... They read 0x400 bytes of the file, AES-CBC encrypt it (adding 0x10 extra bytes of padding), then BASE64 ENCODE that and WRITE
Cryptopals: Exploiting CBC Padding Oracles – NCC Group Research
See Lecture 9 slide 25. Suppose ESP is being used | Chegg.com