A forum for reverse engineering, OS internals and malware analysis 

Forum for analysis and discussion about malware.
 #29959  by TheExecuter
 Mon Feb 13, 2017 9:45 am
The main file shouldn't execute properly.
RtlAdjustPrivilege's 4th param is null. It'll crash for access violation.
how'd you extract the dlls?
 #29968  by tildedennis
 Tue Feb 14, 2017 4:11 pm
statically. they're stored compressed in the dropper and can be carved out and RtlDecompressBuffer'd.