Results 1 to 4 of 4

Thread: [Tool] PackerAttacker

  1. #1

    [Tool] PackerAttacker

    PackerAttacker is a C++ application created by BromiumLabs that uses memory and code hooks to detect packers.

    Unpacking is the ponderous yet essential initial step in malware analysis. As malware mutates, evolves, and propagates, so do the packers that are used to hide their intent from static analysis techniques. For the typical malware analyst, fighting against the vast array of packing methods can be challenging; its almost impossible to know how every packer works. However, all packers have a common goal: to write code to memory and execute it.

    Weve created a tool, aptly named The Packer Attacker, which exploits this common feature that exists in all packers. From an injected DLL, The Packer Attacker uses memory and API hooks to monitor when a sample writes to its PE sections, allocates new memory, or executes within heap memory that has been given executable privileges. When any of these events culminate in a way that resembles expected packer behavior, the targeted memory page(s) are dumped to disk, accompanied by detailed logs of what caused the dump.

    For it's memory hooks, The Packer Attacker limits access rights to tracked pages and uses a Vectored Exception Handler to catch ACCESS_VIOLATION exceptions when the memory is written to or executed. For it's API hooks, the tool uses Microsoft Research's Detours library. The injected DLL will also propagate itself into new processes and track when code is unpacked to remote processes.

    In our tests, The Packer Attacker has been able to pull full PE executables from active samples of many high-profile malware families (CryptoLocker, CryptoWall, Citroni, Zues, Citadel, and TeslaCrypt). In blind tests against an unknown variety of malware from a large malware repository, The Packer Attacker showed promising results, defeating both known packers (like UPX) and unknown packers.

    The tool is interesting but i would encourage people to do unpacking manually.
    The tool could be found here:


  2. #2
    really nice tool
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  3. #3
    What, showed promise defeating UPX ?!?!??

    Have Phun
    Blame Microsoft, get l337 !!

  4. #4
    Why was it "a really nice tool"?

    What showed promise?

    ?? :The possibility of defeating UPX, which is shit by today's standards.

    1 2 .?.?. profit?
    What is old will become new again.

Similar Threads

  1. A New Tool...
    By Aimless in forum Tools of Our Trade (TOT) Messageboard
    Replies: 5
    Last Post: September 19th, 2003, 06:43
  2. New Tool: RTA 1.00
    By squidge in forum Tools of Our Trade (TOT) Messageboard
    Replies: 6
    Last Post: January 14th, 2003, 18:52
  3. Tool
    By bLaCk-eye in forum Tools of Our Trade (TOT) Messageboard
    Replies: 1
    Last Post: September 22nd, 2002, 12:21
  4. RSA Tool 2 v1.2
    By foxthree in forum RCE Cryptographics
    Replies: 2
    Last Post: April 14th, 2002, 16:19
  5. tE!'s RSA Tool
    By bl00dbath in forum RCE Cryptographics
    Replies: 3
    Last Post: January 29th, 2002, 00:58


Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts