A forum for reverse engineering, OS internals and malware analysis 

Discussion on reverse-engineering and debugging.
 #18810  by EP_X0FF
 Tue Apr 02, 2013 12:42 pm
IRC bot
pass: infected
(158.79 KiB) Downloaded 39 times
 #19463  by SomeUnusedName
 Wed May 29, 2013 3:47 pm
What was the exact problem with unpacking the given binary?

It works as usual, catch the RunPE stuff (AutoIt used to create suspended process followed by ZwResumeThread), then follow into the new process, where it's simply UPX.

You obviously know both, so what went wrong?