Help to unpack malware

#18807 by Cyber_
Tue Apr 02, 2013 12:13 pm

Hi,

I would like to ask for my help. I can't unpack this malware. My result is only crash. (OEP: 0047FDB0)

Packer: Autoit Cryptor + UPX

Someone can help me?

Thanks!

pass: infected*
http://rghost.net/private/44963997/cb94 ... 68de56e0f1

Username

Cyber_

Posts

Joined

Fri Mar 08, 2013 4:28 pm

Re: Help to unpack malware

#18810 by EP_X0FF
Tue Apr 02, 2013 12:42 pm

IRC bot

Attachments

decrypted.rar

pass: infected
(158.79 KiB) Downloaded 39 times

Ring0 - the source of inspiration

Username

EP_X0FF

Rank

Global Moderator

Posts

4947

Joined

Sun Mar 07, 2010 5:35 am

Location

Russian Federation

Contact

Re: Help to unpack malware

#19463 by SomeUnusedName
Wed May 29, 2013 3:47 pm

What was the exact problem with unpacking the given binary?

It works as usual, catch the RunPE stuff (AutoIt used to create suspended process followed by ZwResumeThread), then follow into the new process, where it's simply UPX.

You obviously know both, so what went wrong?

Username

SomeUnusedName

Posts

Joined

Fri Oct 07, 2011 1:17 pm

Page 1 of 1
3 posts

Return to “Reverse Engineering and Debugging”

Display:

Sort by:

Jump to: