Mkrakvik from Honeynor.no
has created an excellent video on Malware unpacking using Olly. According to him:
"From time to time, we come across malware that is more interesting than others. A couple of months ago we saw a trojan bot with MSN spreading capabilities. And as usual, the malware was packed. However, I was not able to identify the packer being used (using PEiD, and similar tools). So I tried unpacking this sample manually in OllyDbg, and discovered that it was actually using threads to unpack itself, something I haven’t seen before."
You can visit Mkrakvik's site here.
Tags: basics ,
Latest from the SecurityTube Blog:
Disclaimer: We are a infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be same without verifying.