Unable to unpack malware sample

Discussion on reverse-engineering and debugging.
DanusMinimus
Posts: 2
Joined: Wed Dec 20, 2017 6:16 pm

Unable to unpack malware sample

Post by DanusMinimus » Mon Dec 25, 2017 11:44 pm

Hello, I'm trying to unpack malware packed with ConfuserEx 1.0.0 and I can't seem to get it to work. Each time I remove the anti-tamper, the whole file gets corrupted.

I would appreciate help with understanding how to unpack it. I'll provide the sample here:

[WARNING THIS IS A LIVE MALWARE SAMPLE] eagleepicsocks[dot]com/jk/jkeq[dot]exe [WARNING THIS IS A LIVE MALWARE SAMPLE]

DanusMinimus
Posts: 2
Joined: Wed Dec 20, 2017 6:16 pm

Re: Unable to unpack malware sample

Post by DanusMinimus » Wed Dec 27, 2017 8:41 am

A little update

Then I tried to debug it and check for memory dumps with the x64 (32-bit) debugger. I found some anti-debugging mechanisms, but I am still missing something, because the program just keeps running junk code until I detach from it and it crashes. Dumping it when it's already loaded into memory also dumps junk code.
