Showing posts with label reverse engineer. Show all posts

Wednesday, October 19, 2022

IDA Pro Reversing notes

Notes just for my own learning.


CPPEH_RECORD = exception handling (the stack-based C++ EH registration record IDA names in MSVC x86 binaries)

__guard_check_icall_fptr = control flow guard (pointer to the CFG check routine that validates an indirect call target before the call)

_initterm = walks a table of function pointers (the CRT's static initializer table) and calls each non-NULL entry in order
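As an added example (not the page's notes or any CRT source), a small C re-creation of the pattern _initterm walks, so the loop is recognizable when it shows up in IDA; my_initterm, init_table and the init_* functions are hypothetical names chosen for the demo:

```c
#include <stdio.h>

/* Hypothetical recreation of the CRT pattern that _initterm walks (added example,
   not the page's code): a table of initializer function pointers delimited by
   begin/end markers, with NULL slots that must be skipped. */
typedef void (*init_fn)(void);

static int init_log[8];
static int init_count = 0;

static void init_a(void) { init_log[init_count++] = 1; }
static void init_b(void) { init_log[init_count++] = 2; }
static void init_c(void) { init_log[init_count++] = 3; }

/* Constructed table with deliberate NULL gaps, as the linker leaves in .CRT$XC* sections. */
static init_fn init_table[] = { init_a, NULL, init_b, NULL, NULL, init_c };

/* Same loop shape as the CRT's _initterm: walk [first, last) and call every
   non-NULL entry in order. In IDA this appears as a loop over a pointer range
   with a test for zero before an indirect call (on CFG-enabled binaries that
   call may go through the __guard_check_icall_fptr stub first). */
static void my_initterm(init_fn *first, init_fn *last)
{
    for (; first < last; ++first) {
        if (*first != NULL)
            (*first)();
    }
}

/* Runs the table and returns how many initializers were actually called. */
int run_init_table(void)
{
    init_count = 0;
    my_initterm(init_table, init_table + sizeof(init_table) / sizeof(init_table[0]));
    return init_count;
}

/* Returns the id of the initializer that ran at position n (0-based), or 0 if out of range. */
int init_order(int n)
{
    return (n >= 0 && n < init_count) ? init_log[n] : 0;
}

int main(void)
{
    int called = run_init_table();
    for (int i = 0; i < called; ++i)
        printf("step %d: initializer %d\n", i + 1, init_order(i));
    return 0;
}
```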


Wednesday, January 29, 2020

Emotet failed attempt at Reversing

Just documenting my attempts, for my own learning, at reversing the Emotet unpacker.

This may not be correct; I'm just learning, so I may be completely misunderstanding or missing things.

sample:
hxxps://www.internationalabacus[.]com/calendar/Lr/
https://www.virustotal.com/gui/file/eac3cec9d0fcd2de926b66c0720bed7d8a38c092aa42089ac9a6e3a72002c5da/detection
ceb166362f11a7769b71a2bcb5eb0e31

Interesting APIs to maybe try to break on

MoveFileExA (kernel32)
CreateProcessInternalW (kernel32)
RtlIPv4StringToAddress (ntdll)
UrlCanonicalizeW (SHLWAPI)
GetAddressInfoExW (WS2_32)
HttpSendRequestW (WinInet)