Help to unpack malware

Discussion on reverse-engineering and debugging.
Cyber_
Posts: 1
Joined: Fri Mar 08, 2013 4:28 pm

Help to unpack malware

Post by Cyber_ » Tue Apr 02, 2013 12:13 pm

Hi,

I would like to ask for your help. I can't unpack this malware. My result is only a crash. (OEP: 0047FDB0)

Packer: Autoit Cryptor + UPX

Can someone help me?

Thanks!

pass: infected*
http://rghost.net/private/44963997/cb94 ... 68de56e0f1

EP_X0FF
Global Moderator
Posts: 4872
Joined: Sun Mar 07, 2010 5:35 am
Location: Russian Federation

Re: Help to unpack malware

Post by EP_X0FF » Tue Apr 02, 2013 12:42 pm

IRC bot
Ring0 - the source of inspiration

SomeUnusedName
Posts: 46
Joined: Fri Oct 07, 2011 1:17 pm

Re: Help to unpack malware

Post by SomeUnusedName » Wed May 29, 2013 3:47 pm

What was the exact problem with unpacking the given binary?

It works as usual: catch the RunPE stuff (AutoIt is used to create a suspended process, followed by ZwResumeThread), then follow into the new process, where it's simply UPX.

You obviously know both, so what went wrong?
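The RunPE sequence described in the reply above (create a child with CREATE_SUSPENDED, write the payload into it, set the thread context, ZwResumeThread) is exactly the chain an analyst or sandbox wants to spot automatically, since the resume call is also where you break to follow into the new process. The script below is an added example, not code from this thread or from any of the posters: it walks a per-process API trace and flags a source process whose calls form that chain. The trace format (`pid api key=value ...`) and the sample lines are constructed here for the demo; the API names are real Windows/ntdll exports, and the 0x4 CREATE_SUSPENDED flag value is the documented one.

```python
"""Flag a RunPE / process-hollowing call chain in a constructed API trace.

Trace format (constructed for this example, one call per line):
    <source pid> <api> key=value key="quoted value" ...
A source process is flagged when it creates a child with CREATE_SUSPENDED,
writes into another process, and then resumes a thread. NtUnmapViewOfSection
and SetThreadContext raise the score but are not required, since some loaders
skip them.
"""
import re
from dataclasses import dataclass

CREATE_SUSPENDED = 0x00000004  # dwCreationFlags bit, as documented for CreateProcess

CREATE_APIS = {"CreateProcessA", "CreateProcessW", "CreateProcessInternalW"}
UNMAP_APIS = {"NtUnmapViewOfSection", "ZwUnmapViewOfSection"}
WRITE_APIS = {"WriteProcessMemory", "NtWriteVirtualMemory", "ZwWriteVirtualMemory"}
CONTEXT_APIS = {"SetThreadContext", "NtSetContextThread", "ZwSetContextThread"}
RESUME_APIS = {"ResumeThread", "NtResumeThread", "ZwResumeThread"}

LINE_RE = re.compile(r"^(?P<pid>\d+)\s+(?P<api>\w+)(?P<args>.*)$")
ARG_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_line(line):
    """Return (pid, api, {arg: value}) for one trace line, or None if it does not parse."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    args = {k: v.strip('"') for k, v in ARG_RE.findall(m.group("args"))}
    return int(m.group("pid")), m.group("api"), args


@dataclass
class HollowState:
    """Per-source-process progress through the RunPE chain, in call order."""
    suspended_child: bool = False
    unmapped: bool = False
    remote_write: bool = False
    context_set: bool = False
    resumed: bool = False
    child_image: str = ""


def analyze_trace(text):
    """Map source pid -> finding for every process that completes the chain."""
    states = {}
    for line in text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        pid, api, args = parsed
        st = states.setdefault(pid, HollowState())
        if api in CREATE_APIS:
            flags = int(args.get("dwCreationFlags", "0"), 16)
            if flags & CREATE_SUSPENDED:
                st.suspended_child = True
                st.child_image = args.get("lpApplicationName") or args.get("lpCommandLine", "")
        elif api in UNMAP_APIS and st.suspended_child:
            st.unmapped = True
        elif api in WRITE_APIS and st.suspended_child:
            st.remote_write = True
        elif api in CONTEXT_APIS and st.suspended_child:
            st.context_set = True
        elif api in RESUME_APIS and st.suspended_child and st.remote_write:
            # Resume only counts once the payload has been written: a plain
            # "create suspended, then resume" (debuggers, job setup) is not RunPE.
            st.resumed = True

    findings = {}
    for pid, st in states.items():
        if st.suspended_child and st.remote_write and st.resumed:
            findings[pid] = {
                "child_image": st.child_image,
                # 3 mandatory steps, plus one point each for the optional ones
                "score": 3 + int(st.context_set) + int(st.unmapped),
                "break_on": "ZwResumeThread",  # where to attach to the child
            }
    return findings


# Constructed sample: pid 1001 runs the full chain, 2000 is a normal process
# launch, 3000 creates a suspended child but never writes to it.
SAMPLE_TRACE = r"""
1001 CreateProcessW lpApplicationName="C:\Windows\System32\svchost.exe" dwCreationFlags=0x4 dwProcessId=2044
1001 NtUnmapViewOfSection ProcessHandle=0x1a4 BaseAddress=0x400000
1001 VirtualAllocEx hProcess=0x1a4 lpAddress=0x400000 dwSize=0x9000
1001 WriteProcessMemory hProcess=0x1a4 lpBaseAddress=0x400000 nSize=0x400
1001 WriteProcessMemory hProcess=0x1a4 lpBaseAddress=0x401000 nSize=0x7800
1001 SetThreadContext hThread=0x1a8
1001 ZwResumeThread ThreadHandle=0x1a8
2000 CreateProcessW lpApplicationName="C:\Windows\notepad.exe" dwCreationFlags=0x0 dwProcessId=2050
3000 CreateProcessW lpApplicationName="C:\Windows\System32\cmd.exe" dwCreationFlags=0x4 dwProcessId=2060
3000 ZwResumeThread ThreadHandle=0x1c0
"""

if __name__ == "__main__":
    for pid, f in analyze_trace(SAMPLE_TRACE).items():
        print(f"pid {pid}: RunPE-like chain into {f['child_image']} (score {f['score']})")
```

Only pid 1001 is reported; pid 3000 shows why the resume step is gated on an earlier remote write, otherwise every debugger-style suspended launch would fire. In practice the trace would come from a sandbox or API monitor rather than a string, but the state machine is the same, and the flagged resume call is the point at which to attach to the child and carry on with the plain UPX unpack.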
