Friday, April 16, 2021

Generic unpacking malware steps

1.) Open malware in IDA

2.) Find the 'ret' of WinMain and look for closes "call" statements above it

3.) Find a VirtualAlloc, follow the EAX result get passed around until you see it in a "call" statement

4.) Find the address of that "call" statement

5.) Flip over to x32dbg, open the same malware, put a breakpoint on the address of the "call"

6.) Also set a breakpoint on VirtualAlloc (bp VirtualAlloc)

7.) Run until breakpoints, Follow in Dump repeatedly on EAX, looking at previous dumps

8.) Find MZ header that does not match original (use Hex Editor to compare)

9.) Follow in memory map, Dump to File, review in PE Studio to see if unpacked

 

4 comments:

  1. Are you in need of finance? we give out guarantee cash at 3% interest rate. Contact us on any kind of finance now: financialserviceoffer876@gmail.com whatsapp Number +918929509036 Dr James Eric Finance Pvt Ltd

    ReplyDelete
  2. I was thrown out of my own house was sleeping in a hotel for weeks she also took possession of my son could only see him once a week then I found out she was in love with my accountant all these while so I went online and I came across a Russian private investigator who help me get all my properties and my accounts back even my company back how he did these I don’t know but I gave all the information he asked for and followed all his instructions and now I’m happy my life’s better now.
    Thanks to HACKINTECHNOLOGY@CYBERSERVICES.COM
    I just said I should share my own story here
    Thank you

    ReplyDelete
  3. I know of a group of private investigators who can help you with they are also hackers but prefer to be called private investigators They can help with your bitcoin issues and your clients will be happy doing business with you,they can also help yo with your bad credit score,hacking into phones,binary recovery,wiping criminal records,increase school score, stolen files in your office or school,blank atm etc. Just name it and you will live a better life
    Contact +1(407) 777-4240
    Premiumhackservices@gmail.com

    ReplyDelete
  4. He is the best out there,I tested him and he delivered a good job,he helped me settle bank loans,he also helped my son upgrade his scores at high school final year which made him graduate successfully and he gave my son free scholarship into the college,all I had to do was to settle the bills for the tools on the job,I used $500 to get a job of $50000 done all thanks to Robertson he saved me from all my troubles,sharing this is how I can show gratitude in return for all he has done for me and my family

    Contact premiumhackservices@gmail.com

    Text/call ‪+1 (984) 733‑3673‬

    WhatsApp ‪+1 (984) 733‑3673‬

    Telegram ‪+1 (984) 733‑3673‬

    ReplyDelete