Turbo Unpacking: A Journey into Malicious Packers - Hacker Halted
With compression
Packers
UPX
Protectors
ASProtect
Bundlers
MoleBox
• Bundlers
• Multiple encrypted code layers
• Multiple compression algorithms in use
• aplib, lzma, lzss, lzrw, lzbrs, ffce, jcalg,…
• Custom PECOFF table processing
• Imports are usually* protected
• Resources are usually* compressed
• Relocations are usually* compressed
• TLS can be emulated
• Can protect x86/x64 files
• Some anti-reversing protection
• Usually limited to import table/entry point
– * If present and selected by the user