Jump to content
Tuts 4 You

Deep Dive into A Custom Malware Packer

Loki

By Loki
in Malware Reverse Engineering

 Share

Recommended Posts

Loki

Loki

Posted
Posted
In this article we will look in depth at a Custom Packer used by a Malware that was recently found in the wild. This packer is interesting for several reasons. It uses several layers of packers including the well-known UPX Packer which is only used to mask the underlying custom packers.

It also uses a clever way of injecting code into a remote process and resuming its execution from there. I have included necessary screenshots with snippets of assembly language code sections along with comments, stack parameters for API calls and views of memory dump. This will help in following the article while the unpacking method is described.


 


Nice little article. Not a particularly complex packer but it describes a nice way of injecting into a process without using the WriteProcessMemory API (potentially avoiding malware scanners that hook WriteProcessMemory)


 


Article: http://resources.infosecinstitute.com/deep-dive-into-a-custom-malware-packer/


  • Like 1
E33

E33

Posted
Posted

Any available malware packed in such manner?

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing
×
×
  • Create New...