Loki Posted July 17, 2013 Share Posted July 17, 2013 In this article we will look in depth at a Custom Packer used by a Malware that was recently found in the wild. This packer is interesting for several reasons. It uses several layers of packers including the well-known UPX Packer which is only used to mask the underlying custom packers.It also uses a clever way of injecting code into a remote process and resuming its execution from there. I have included necessary screenshots with snippets of assembly language code sections along with comments, stack parameters for API calls and views of memory dump. This will help in following the article while the unpacking method is described. Nice little article. Not a particularly complex packer but it describes a nice way of injecting into a process without using the WriteProcessMemory API (potentially avoiding malware scanners that hook WriteProcessMemory) Article: http://resources.infosecinstitute.com/deep-dive-into-a-custom-malware-packer/ 1 Link to comment Share on other sites More sharing options...
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!Register a new account
Already have an account? Sign in here.Sign In Now