mirror of
https://github.com/aljazceru/securedorg.github.io.git
synced 2026-01-07 08:14:26 +01:00
---
layout: default
permalink: /RE102/section7/
title: Setup
---
[Go Back to Reverse Engineering Malware 102](https://securedorg.github.io/RE102/)

# Section 7: Extra Fun #

This concludes the workshop, but you can apply the same unpacker to the resources in this malware. The payload exe is:
1. UPX packed
2. Has 3 resources using the same packer

As an exercise, I recommend going through them on your own.

Most packers are bought and sold on underground forums or traded amongst malware authors. The following sample, called [Rombertik](https://en.wikipedia.org/wiki/Rombertik), uses this same packer. For fun, you can check it out:

```
77bacb44132eba894ff4cb9c8aa50c3e9c6a26a08f93168f65c48571fdf48e2a
```

[Section 6.1 <- Back](https://securedorg.github.io/RE102/section6.1) | [Next -> Conclusion](https://securedorg.github.io/RE102/section8)