Memory dumping against packing

#27091 by kvz3
Wed Oct 28, 2015 10:23 pm

Hi all,

I was wondering, how effective is to run malware samples in a real machine and generate memory dumps to overcome packing? The goal is then to analyse the binary statically from the dump.

Thanks!
Kvz3

Username

kvz3

Posts

Joined

Mon Jul 27, 2015 12:30 pm

Re: Memory dumping against packing

#27098 by EP_X0FF
Thu Oct 29, 2015 10:35 am

Very effective. You don't need a real machine.

Ring0 - the source of inspiration

Username

EP_X0FF

Rank

Global Moderator

Posts

4947

Joined

Sun Mar 07, 2010 5:35 am

Location

Russian Federation

Contact

Re: Memory dumping against packing

#27118 by kvz3
Sat Oct 31, 2015 7:23 am

at what point during execution should it be dumped?

Username

kvz3

Posts

Joined

Mon Jul 27, 2015 12:30 pm

Re: Memory dumping against packing

#27120 by EP_X0FF
Sun Nov 01, 2015 4:22 am

Depends on malware.

Ring0 - the source of inspiration

Username

EP_X0FF

Rank

Global Moderator

Posts

4947

Joined

Sun Mar 07, 2010 5:35 am

Location

Russian Federation

Contact

Re: Memory dumping against packing

#27121 by TETYYSs
Sun Nov 01, 2015 1:19 pm

kvz3 wrote:at what point during execution should it be dumped?

on the final point it injects the code, often on WriteProcessMemory

Username

TETYYSs

Posts

Joined

Fri Jun 28, 2013 6:51 pm

Page 1 of 1
5 posts

Return to “Newbie Questions”

Display:

Sort by:

Jump to: