Jump to content
Tuts 4 You

Deep Dive into A Custom Malware Packer


Loki

Recommended Posts

In this article we will look in depth at a Custom Packer used by a Malware that was recently found in the wild. This packer is interesting for several reasons. It uses several layers of packers including the well-known UPX Packer which is only used to mask the underlying custom packers.

It also uses a clever way of injecting code into a remote process and resuming its execution from there. I have included necessary screenshots with snippets of assembly language code sections along with comments, stack parameters for API calls and views of memory dump. This will help in following the article while the unpacking method is described.


 


Nice little article. Not a particularly complex packer but it describes a nice way of injecting into a process without using the WriteProcessMemory API (potentially avoiding malware scanners that hook WriteProcessMemory)


 


Article: http://resources.infosecinstitute.com/deep-dive-into-a-custom-malware-packer/


  • Like 1
Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...