Pacman 0 Posted Saturday at 08:36 PM (edited)

Hi everyone,

I have tried to unpack the Zbot malware, but I cannot fully unpack it because it is packed with ASPack. I have found the last loaded DLL and import function by setting LoadLibraryA/W and GetProcAddress functions (the last loaded DLL is ntmarta.dll and the last function is GetMartaExtensionInterface). I have continued to the exit from the unpacking stub. I've reached the marked address and I selected the Analyze Code option. In the last state, I dumped the debugged process using OllyDump, but this address may not be the OEP, and the IAT could not be fully repaired.

I cannot progress any further. Can you help me, please? I have tested all of the known techniques. Do you have any ideas? I'll attach as much of the unpacked program's IDA output as I can.

https://www.dosya.tc/server24/g6s9ux/Zbot.7z.html (IDA output)

8a0c95be8a40ae5419f7d97bb3e91b2b.ex~

Edited Saturday at 08:40 PM by Pacman