Hacktreides

malware with a weird packer

4 posts in this topic

It's a custom protector and quite a good one.

First layer removed, see attached RAR. Second layer does few anti-VM tricks and tries to inject code into explorer.

Dump_00216AF8_00010000.rar

Share this post


Link to post
Share on other sites

You find same as me :) Any idea of his malware family? It seem to be a rat.

Thank you

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now