Jump to content
Tuts 4 You

Malware packed Xenocode 2009


Recommended Posts

Hi guys.

I decide to revers one malware, which I found on my PC. But I have some problems with unpacking of this malware, because it is packed with Xenocode (2009). I try unpack it as a previous version Xenocode (2007 & 2008), but it's does not work.

If somebody has experience how to unpack this protection, please help me.

Thank you.


!!!Attached ACTIVE MALWARE!!!



Edited by Od1no4ka
Link to comment
Share on other sites

I can't download this file right now, but for Xenocode 2009 try this method:

1. Run the malware:

2. Open up PeTools 1.5, and you should see two duplicate named apps. Dump the second one.

3. Run it through ilDasm / ilAsm to fix the PE Header, and it should run, out of the Xenocode VM.

Do this in a VM or a secure environment though, don't want to reinfect yourself, lol.

Link to comment
Share on other sites

  • 3 weeks later...

Thanks a lot. As I found later, it was just an empty exe-stub which does not has payload, nonetheless the Kaspersky Antivirus detected it like malware.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...