Od1no4ka Posted October 7, 2009 (edited)

Hi guys.
I decided to reverse one malware, which I found on my PC. But I have some problems with unpacking this malware, because it is packed with Xenocode (2009). I tried to unpack it like a previous version of Xenocode (2007 & 2008), but it does not work.
If somebody has experience with how to unpack this protection, please help me.
Thank you.

!!!WARNING!!!
!!!Attached ACTIVE MALWARE!!!
pass: tuts4you.com
malware.7z

Edited October 7, 2009 by Od1no4ka

bball0002 Posted October 8, 2009

I can't download this file right now, but for Xenocode 2009 try this method:

1. Run the malware.
2. Open up PeTools 1.5, and you should see two duplicate named apps. Dump the second one.
3. Run it through ilDasm / ilAsm to fix the PE Header, and it should run, out of the Xenocode VM.

Do this in a VM or a secure environment though, don't want to reinfect yourself, lol.

Od1no4ka (Author) Posted October 27, 2009

Thanks a lot. As I found later, it was just an empty exe-stub which does not have a payload; nonetheless, Kaspersky Antivirus detected it as malware.