Od1no4ka
Posted October 7, 2009 (edited)

Hi guys.

I decided to reverse a piece of malware which I found on my PC. But I have some problems with unpacking this malware, because it is packed with Xenocode (2009). I tried to unpack it like the previous versions of Xenocode (2007 & 2008), but it does not work.

If somebody has experience with how to unpack this protection, please help me.

Thank you.

!!!WARNING!!!
!!!Attached ACTIVE MALWARE!!!
pass: tuts4you.com
malware.7z

Edited October 7, 2009 by Od1no4ka

bball0002
Posted October 8, 2009

I can't download this file right now, but for Xenocode 2009 try this method:

1. Run the malware.
2. Open up PeTools 1.5, and you should see two duplicate-named apps. Dump the second one.
3. Run it through ilDasm / ilAsm to fix the PE header, and it should run, out of the Xenocode VM.

Do this in a VM or a secure environment though, don't want to reinfect yourself, lol.

Od1no4ka (Author)
Posted October 27, 2009

Thanks a lot. As I found later, it was just an empty exe stub which does not have a payload; nonetheless, Kaspersky Antivirus detected it as malware.