Tuts 4 You

Malware packed Xenocode 2009


Od1no4ka


Hi guys.

I decided to reverse one malware sample which I found on my PC. But I have some problems with unpacking this malware, because it is packed with Xenocode (2009). I tried to unpack it like the previous versions of Xenocode (2007 & 2008), but it does not work.

If somebody has experience with unpacking this protection, please help me.

Thank you.

!!!WARNING!!!

!!!Attached ACTIVE MALWARE!!!

pass:tuts4you.com

malware.7z

Edited by Od1no4ka

I can't download this file right now, but for Xenocode 2009 try this method:

1. Run the malware.

2. Open up PeTools 1.5, and you should see two duplicate-named apps. Dump the second one.

3. Run it through ilDasm / ilAsm to fix the PE header, and it should run outside of the Xenocode VM.

Do this in a VM or a secure environment though; you don't want to reinfect yourself, lol.

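A check worth running on the dump between steps 2 and 3, as an added example that is not part of this thread or the posters' own tooling: the ilDasm / ilAsm round trip only helps if the dumped image is actually a managed (.NET) assembly, and a PE advertises that through data directory entry 14, the CLR runtime header. The script reads a dump path from the command line (an assumption); the `build_sample_pe` helper constructs a header-only PE in memory so the check can be exercised offline without any sample.

```python
"""Detect whether a dumped PE carries a CLR runtime header (data directory 14).
Added example for the Xenocode unpacking steps above; not code from the thread."""
import struct
import sys

DIR_CLR_RUNTIME = 14            # IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B


def clr_header_entry(data: bytes):
    """Return (rva, size) of the CLR runtime header directory entry, or None
    when the buffer is not a PE or has no populated entry 14."""
    # DOS header: 'MZ' signature, e_lfanew (offset of NT headers) at 0x3C
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    # NT headers: 'PE\0\0' followed by the 20-byte COFF file header
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    (opt_size,) = struct.unpack_from("<H", data, e_lfanew + 20)  # SizeOfOptionalHeader
    opt = e_lfanew + 24                                            # optional header start
    if opt_size < 2 or opt + opt_size > len(data):
        return None
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic == PE32_MAGIC:
        nrva_off, dir_off = 92, 96      # NumberOfRvaAndSizes / DataDirectory (PE32)
    elif magic == PE32PLUS_MAGIC:
        nrva_off, dir_off = 108, 112    # same fields in the PE32+ layout
    else:
        return None
    if nrva_off + 4 > opt_size:
        return None
    (n_rva,) = struct.unpack_from("<I", data, opt + nrva_off)
    entry = dir_off + 8 * DIR_CLR_RUNTIME
    # entry 14 must exist both by declared count and within the header size
    if n_rva <= DIR_CLR_RUNTIME or entry + 8 > opt_size:
        return None
    rva, size = struct.unpack_from("<II", data, opt + entry)
    return (rva, size) if rva and size else None


def is_managed_pe(data: bytes) -> bool:
    """True when the image declares a CLR runtime header, i.e. is a .NET PE."""
    return clr_header_entry(data) is not None


def build_sample_pe(managed: bool, pe32plus: bool = False) -> bytes:
    """Construct a header-only PE image (no sections) as offline sample input.
    This is constructed test data; a real check reads the dumped file."""
    magic = PE32PLUS_MAGIC if pe32plus else PE32_MAGIC
    dir_off = 112 if pe32plus else 96
    opt_size = dir_off + 16 * 8                 # 16 data directory entries
    dos = bytearray(64)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)       # NT headers right after the DOS header
    machine = 0x8664 if pe32plus else 0x14C
    coff = struct.pack("<HHIIIHH", machine, 0, 0, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, magic)
    struct.pack_into("<I", opt, dir_off - 4, 16)  # NumberOfRvaAndSizes
    if managed:
        # constructed RVA/size for the CLR header (72 = sizeof IMAGE_COR20_HEADER)
        struct.pack_into("<II", opt, dir_off + 8 * DIR_CLR_RUNTIME, 0x2008, 72)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:   # assumed: path of the dumped image
            blob = fh.read()
    else:
        blob = build_sample_pe(managed=True)
    found = clr_header_entry(blob)
    if found:
        print("managed PE: CLR header at RVA 0x%x (%d bytes); ildasm/ilasm applies" % found)
    else:
        print("no CLR header: not a managed assembly, ildasm/ilasm will not help")
```

If the dump reports no CLR header, the wrong process was dumped or the image is native, and the PE fix in step 3 has to be done with a PE editor rather than the IL tools.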


Thanks a lot. As I found out later, it was just an empty exe stub which has no payload; nonetheless, Kaspersky Antivirus detected it as malware.
