Posts Tagged ‘Malware unpacking’


Malware unpacking in OllyDbg

March 26th, 2008 by mkrakvik (1) Tips & Tricks, Videos

From time to time, we come across malware that is more interesting than others. A couple of months ago we saw a trojan bot with MSN spreading capabilities. And as usual, the malware was packed. However, I was not able to identify the packer being used (using PEiD and similar tools). So I tried unpacking this sample manually in OllyDbg, and discovered that it was actually using threads to unpack itself, something I haven’t seen before.

Below you can find my very first screencast, showing how this sample was unpacked. Enjoy! 🙂

Unpacking in OllyDbg


via Norwegian Honeynet Project » Blog Archive » Malware unpacking in OllyDbg.