A YouTube video demonstration by OALabs: Unpacking Gootkit Malware With IDA Pro and x64dbg
Details:
Open Analysis Live!
They use IDA Pro and x64dbg to unpack a recently packed Gootkit malware sample (stage 1).
Video bookmarks to skip ahead:
- Deobfuscating strings with IDA Python 5:15
- Identify anti-analysis tricks after string deobfuscation 9:03
- Mutex trick 14:40
- CreateFile ShareMode trick 17:33
- Fully unpacking with x64dbg 20:25
- Searching for PE in memory using x64dbg 23:24
- Carving PE files from a memory dump with a hex editor 26:24
- Final overview of the whole process 27:59
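The two x64dbg/hex-editor bookmarks above (searching memory for a PE and carving it out of a dump) are a manual process in the video. As an added illustration that is not part of the OALabs video or of any of their tooling, the script below automates the same idea for an analyst: scan a raw dump for `MZ` headers, reject those whose `e_lfanew` does not lead to a `PE\0\0` signature, and compute how many bytes to cut from the section table. Two extents are reported because an unpacked payload may sit in memory either as a raw file image (section data at `PointerToRawData`) or as a mapped image (section data at `VirtualAddress`). The sample buffer, the fake PE inside it, and the decoy `MZ` are all constructed here; nothing in it is the Gootkit sample listed on the page.

```python
"""Minimal PE carver for raw memory dumps (added example, not OALabs code)."""
import struct

PE_SIG = b"PE\x00\x00"
SECTION_HDR_FMT = "<8sIIIIIIHHI"   # IMAGE_SECTION_HEADER, 40 bytes
SECTION_HDR_SIZE = struct.calcsize(SECTION_HDR_FMT)


def _parse_pe_at(buf, off):
    """Validate an MZ header at `off` and return its extents, or None."""
    if off + 0x40 > len(buf):
        return None
    e_lfanew = struct.unpack_from("<I", buf, off + 0x3C)[0]
    pe = off + e_lfanew
    # e_lfanew must land after the DOS header and inside the buffer
    if e_lfanew < 0x40 or e_lfanew > 0x1000 or pe + 24 > len(buf):
        return None
    if buf[pe:pe + 4] != PE_SIG:
        return None
    num_sections = struct.unpack_from("<H", buf, pe + 6)[0]
    opt_size = struct.unpack_from("<H", buf, pe + 20)[0]
    sect_off = pe + 24 + opt_size
    # The loader caps images at 96 sections; anything beyond that is junk
    if num_sections == 0 or num_sections > 96:
        return None
    if sect_off + SECTION_HDR_SIZE * num_sections > len(buf):
        return None
    hdr_end = sect_off + SECTION_HDR_SIZE * num_sections - off
    raw_end = mapped_end = hdr_end
    for i in range(num_sections):
        (_name, vsize, va, raw_size, raw_ptr,
         _rel, _ln, _nrel, _nln, _chars) = struct.unpack_from(
            SECTION_HDR_FMT, buf, sect_off + SECTION_HDR_SIZE * i)
        raw_end = max(raw_end, raw_ptr + raw_size)       # on-disk layout
        mapped_end = max(mapped_end, va + vsize)         # in-memory layout
    return {"offset": off, "e_lfanew": e_lfanew,
            "num_sections": num_sections,
            "raw_end": raw_end, "mapped_end": mapped_end}


def find_pe_headers(buf):
    """Return a list of validated PE header descriptions found in `buf`."""
    hits, pos = [], 0
    while True:
        pos = buf.find(b"MZ", pos)
        if pos < 0:
            return hits
        info = _parse_pe_at(buf, pos)
        if info:
            hits.append(info)
        pos += 2


def carve(buf, mapped=False):
    """Return [(offset, bytes)] for each embedded PE, clipped to the buffer."""
    out = []
    for h in find_pe_headers(buf):
        extent = h["mapped_end"] if mapped else h["raw_end"]
        end = min(len(buf), h["offset"] + extent)
        out.append((h["offset"], buf[h["offset"]:end]))
    return out


def _build_fake_pe():
    """Constructed two-section PE32 skeleton used only as sample input."""
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x80) + bytes(0x40)
    opt_size = 0xE0
    file_hdr = PE_SIG + struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, opt_size, 0x102)
    opt_hdr = bytes(opt_size)
    sections = (
        struct.pack(SECTION_HDR_FMT, b".text", 0x200, 0x1000, 0x200, 0x200, 0, 0, 0, 0, 0x60000020)
        + struct.pack(SECTION_HDR_FMT, b".data", 0x100, 0x2000, 0x100, 0x400, 0, 0, 0, 0, 0xC0000040)
    )
    headers = dos + file_hdr + opt_hdr + sections
    headers += bytes(0x200 - len(headers))
    return headers + b"\xCC" * 0x200 + b"\xAA" * 0x100   # raw size 0x500


FAKE_PE = _build_fake_pe()
# Constructed dump: a decoy "MZ" with no PE behind it, then the real image at 0x100
SAMPLE_DUMP = bytes(0x40) + b"MZ" + bytes(0xBE) + FAKE_PE + bytes(0x20)

if __name__ == "__main__":
    for off, blob in carve(SAMPLE_DUMP):
        print(f"PE at 0x{off:x}: {len(blob)} bytes")
```

`carve(buf)` is the right choice for a payload the unpacker wrote to memory as a file image; `carve(buf, mapped=True)` for a dump of a loaded module, where the result still needs its section pointers rebased before it loads cleanly in IDA.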
Packed sample:
SHA256: 38933984f5ff8b71c054d1c1155e308ac02377b89315ef17cea859178a30dbab