Jump to content
View in the app

A better way to browse. Learn more.
Tuts 4 You

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

Malware packed Xenocode 2009

Od1no4ka
Od1no4ka
in Malware Reverse Engineering

Featured Replies

Posted

Hi guys.

I decide to revers one malware, which I found on my PC. But I have some problems with unpacking of this malware, because it is packed with Xenocode (2009). I try unpack it as a previous version Xenocode (2007 & 2008), but it's does not work.

If somebody has experience how to unpack this protection, please help me.

Thank you.

!!!WARNING!!!

!!!Attached ACTIVE MALWARE!!!

pass:tuts4you.com

malware.7z

Edited by Od1no4ka

I can't download this file right now, but for Xenocode 2009 try this method:

1. Run the malware:

2. Open up PeTools 1.5, and you should see two duplicate named apps. Dump the second one.

3. Run it through ilDasm / ilAsm to fix the PE Header, and it should run, out of the Xenocode VM.

Do this in a VM or a secure environment though, don't want to reinfect yourself, lol.

  • 3 weeks later...
  • Author

Thanks a lot. As I found later, it was just an empty exe-stub which does not has payload, nonetheless the Kaspersky Antivirus detected it like malware.

Create an account or sign in to comment

Go to topic listing

Configure browser push notifications
Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.