---
layout: default
permalink: /RE102/section7/
title: Setup
---
[Go Back to Reverse Engineering Malware 102](https://securedorg.github.io/RE102/)

# Section 7: Extra Fun #

![alt text](https://securedorg.github.io/RE102/images/SectionFun_intro.gif "intro")

This concludes the workshop but you can apply the same unpacker to the resources in this malware. The payload exe is:
1. UPX packed
2. Has 3 resources using the same packer

As an exercise, I recommend going through them on your own.

Most packers are bought and sold on underground forums or traded amongst malware authors. The following sample called [Rombertik](https://en.wikipedia.org/wiki/Rombertik) uses this same packer. For fun you can check it out:

```
77bacb44132eba894ff4cb9c8aa50c3e9c6a26a08f93168f65c48571fdf48e2a
```

[Section 6.1 <- Back](https://securedorg.github.io/RE102/section6.1) | [Next -> Conclusion](https://securedorg.github.io/RE102/section8)