I just used IDAScope to analyze the "Bundestrojaner".
What to do to reproduce the bug: Analyze the mfc42ul.dll (1DBB3486F409A8A9C31DB297DA7C5739) using PEiD (0.95, Nov 3 2008) and KANAL Plugin. Find the AES-SBOXes.
Analyze the dll again using IDAScope (currenty git checkout) crypto-detection functionality.
Expected result: IDAScope finds the same S-Boxes. Actual result: IDAScope does not find anything relating to AES.
I have attached the dll and the idc output from the KANAL plugin. Password: mw