A forum for reverse engineering, OS internals and malware analysis 

Discussion on reverse-engineering and debugging.
 #10700  by disturbed
 Thu Dec 29, 2011 6:04 pm
VBCrypt unpacking help,

Hi,

Can you guys plz help me unpacking the attached sample?

Thanks,

disturbed
Attachments
pwd: infected
(17.53 KiB) Downloaded 41 times
 #10760  by EP_X0FF
 Tue Jan 03, 2012 10:52 am
Run-time error "53"
File not found.
 #10773  by p4r4n0id
 Tue Jan 03, 2012 6:45 pm
Hi Guys,

Played a bit with the packed sample and noticed that it talks with it's C&C via the ms-sql protocol. I was not able to see any usage of the odbc.dll so how the fu# it creates a ms-sql connection? Anyone?

Thx,
p4r4n0id