This will be old news if you are following Ronald’s blog, but nevertheless I’ve decided to make it public here as well, because the only way you can fight this menace is by sharing and dissecting. The malware is heavily obfuscated, but not as much as it can get. In fact, just by glancing through the code you can see the key points of the execution process.
Don’t get too excited about this source as it is useless. In fact there is nothing interesting about it. [...]