Thread: Help unpacking old malware - Malware attached

  1. #1

    I've been trying for a while to unpack an older piece of malware. I've been reversing keygens and crackmes for a while and I've never really had to manually unpack anything. I've tried a few automatic unpackers but didn't have any luck, so I thought I would try to learn how to manually unpack something. I've tried using OllyDump -> Find OEP by section (trace into) and (trace over), dumping the process and then using Import REConstructor. After I tried this and looked at it in PEView, the text section still doesn't have anything in it. Also, when I tried to open the dumped executable in IDA, it has trouble running from the new EP. I've also tried using the "find POPAD" method to reveal the OEP address. I've also opened it in IDA and stepped into what I thought was the unpacking function, but when it seemed to unpack some code, the imports that IDA saw still didn't show up anywhere in the code. I've been working on this for a while, so any help is appreciated. I'm not necessarily looking to have someone unpack the malware for me (but I would download it and look at it :>). I'd like some guidance to help me get over the hump. I've been trying different approaches that I've found during my research but can't seem to get anywhere.

    The password for the zip file is "infected" and I changed the extension to .xex

    Thanks in advance and any help is greatly appreciated.
