Turbo Unpacking: A Journey into Malicious Packers - Hacker Halted
Conclusion
• Don't bother reversing the packer's own code; it is not the target
• Use simple API breakpoints: VirtualAllocEx, VirtualProtectEx, ZwProtectVirtualMemory, VirtualFree, LoadLibraryExA/W
• Locate the original file in memory and dump it when possible
• If that is not possible, use those breakpoints as the entry point into the unpacked code
• This allows you to skip thousands of garbage routines
• Most of them should be unpacked in less than 10 minutes; don't spend hours
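The "locate the original file and dump it" step, as an added example that is not part of the original talk: once a breakpoint on VirtualProtectEx or VirtualFree fires, the buffer the packer filled (typically the region VirtualAllocEx returned) is read out of the debuggee and scanned for an embedded PE in file layout. The scanner below validates the DOS and NT headers, walks the section table to compute where the file ends, and carves it. The buffer is constructed inline from a minimal, non-executable PE32 so the script runs offline; `build_sample_pe`, `parse_pe_extent` and `carve_embedded_pes` are names chosen for this example, not tools from the presentation.

```python
import struct


def build_sample_pe():
    """Constructed sample input: a minimal PE32 (2 sections, no code), used only to exercise the carver."""
    dos = bytearray(0x40)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                    # e_lfanew -> "PE\0\0" right after the DOS header
    # IMAGE_FILE_HEADER: i386, 2 sections, SizeOfOptionalHeader 0xE0, 32-bit executable
    file_hdr = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 0xE0, 0x0102)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0x00, 0x10B)                    # PE32 magic
    struct.pack_into("<I", opt, 0x38, 0x3000)                   # SizeOfImage
    struct.pack_into("<I", opt, 0x3C, 0x200)                    # SizeOfHeaders
    # IMAGE_SECTION_HEADER: name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData, ...
    text = struct.pack("<8sIIIIIIHHI", b".text", 0x200, 0x1000, 0x200, 0x200, 0, 0, 0, 0, 0x60000020)
    data = struct.pack("<8sIIIIIIHHI", b".data", 0x100, 0x2000, 0x200, 0x400, 0, 0, 0, 0, 0xC0000040)
    headers = (dos + b"PE\0\0" + file_hdr + opt + text + data).ljust(0x200, b"\0")
    body = b"\x90" * 0x200 + b"D" * 0x200                       # raw section contents (NOP sled + filler)
    return bytes(headers + body)


def parse_pe_extent(buf, off):
    """Return (raw_file_size, SizeOfImage) for a PE starting at buf[off], or None if headers are not sane.

    raw_file_size is max(PointerToRawData + SizeOfRawData) over the section table, i.e. the end of the
    file-layout image; SizeOfImage is what a *mapped* copy would occupy and is returned for comparison.
    """
    if off + 0x40 > len(buf) or buf[off:off + 2] != b"MZ":
        return None
    e_lfanew = struct.unpack_from("<I", buf, off + 0x3C)[0]
    pe = off + e_lfanew
    if not (0x40 <= e_lfanew <= 0x400) or pe + 24 > len(buf) or buf[pe:pe + 4] != b"PE\0\0":
        return None
    nsec = struct.unpack_from("<H", buf, pe + 6)[0]
    opt_size = struct.unpack_from("<H", buf, pe + 20)[0]
    opt = pe + 24
    if nsec == 0 or nsec > 96 or opt_size < 0x60:               # PE spec limits; 0x60 covers SizeOfImage
        return None
    image_size = struct.unpack_from("<I", buf, opt + 0x38)[0]   # same offset for PE32 and PE32+
    sect = opt + opt_size
    if sect + 40 * nsec > len(buf):
        return None
    raw_end = 0
    for i in range(nsec):
        raw_size, raw_ptr = struct.unpack_from("<II", buf, sect + 40 * i + 16)
        raw_end = max(raw_end, raw_ptr + raw_size)
    return raw_end, image_size


def carve_embedded_pes(buf):
    """Scan a dumped memory region for file-layout PEs; return [(offset, carved_bytes)].

    Every "MZ" is tried, so garbage containing 'MZ' costs only a failed header check. A hit whose
    section table runs past the end of the buffer is skipped: the packer has not finished writing it
    (or the dump is truncated), so break again later, e.g. on VirtualProtectEx, and re-scan.
    """
    found = []
    off = buf.find(b"MZ")
    while off >= 0:
        extent = parse_pe_extent(buf, off)
        if extent is not None:
            raw_end, _ = extent
            if raw_end > 0 and off + raw_end <= len(buf):
                found.append((off, buf[off:off + raw_end]))
        off = buf.find(b"MZ", off + 1)
    return found


if __name__ == "__main__":
    # Constructed "memory region": some leading junk, the embedded original file, trailing slack.
    region = b"\xCC" * 0x37 + build_sample_pe() + b"\x00" * 0x80
    for off, pe in carve_embedded_pes(region):
        print("PE at region+0x%x, %d bytes (file layout)" % (off, len(pe)))
        with open("carved_%x.bin" % off, "wb") as f:
            f.write(pe)
```

If the carved size comes out near SizeOfImage rather than the raw end, the region holds an already mapped image (sections at their VirtualAddress), and the section headers' PointerToRawData must be rewritten to the VirtualAddress before the dump will load in a disassembler; that unmapping step is not shown here.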