securedorg.github.io/RE102/re102_section7.md
2017-08-10 22:41:44 -07:00

layout: default
permalink: /RE102/section7/
title: Setup

Section 7: Extra Fun

This concludes the workshop, but you can apply the same unpacker to the resources in this malware. The payload exe:

  1. Is UPX packed
  2. Has 3 resources using the same packer

As an exercise, I recommend going through them on your own.

Most packers are bought and sold on underground forums or traded amongst malware authors. The following sample, called Rombertik, uses this same packer. For fun, you can check it out:

77bacb44132eba894ff4cb9c8aa50c3e9c6a26a08f93168f65c48571fdf48e2a
