Unpacking Gootkit Malware With IDA Pro and X64dbg - Subscriber Request - - vimore.org

YouTube

Open Analysis Live! We use IDA Pro and x64dbg to unpack a recently packed Gootkit malware (stage1). This was a subscriber request asking us to determine how this was packed.

Video bookmarks to skip ahead...
Deobfuscating strings with IDA Python 5:15
Identify anti-analysis tricks after string deobfuscation 9:03
Mutex trick 14:40
CreateFile ShareMode trick 17:33
Fully unpacking with x64dbg 20:25
Searching for PE in memory using x64dbg 23:24
Carving PE files from a memory dump with a hex editor 26:24
Final overview of the whole process 27:59

Packed sample:
Sha256: 38933984f5ff8b71c054d1c1155e308ac02377b89315ef17cea859178a30dbab
https://malshare.com/sample.php?action=detail&hash=e561ae3cedb6f9fc0ecff559c62788b0

Unpacked Gootkit (stage 1):
Sha256: e61082d8f711d775b5c427af649c64ab50fac695f334720dca467598c5817b7a
https://malshare.com/sample.php?action=detail&hash=691c71e5b3d72835730b2db5e60b28cc

x64dbg: https://x64dbg.com/#start
IDA: https://www.hex-rays.com/products/ida/support/download_freeware.shtml
Packer string decryption script (IDAPython): https://gist.github.com/herrcore/473133aa1387ed0b08a67d1a221b5b09
Tutorial examining the CreateFile share anti-analysis trick: https://www.youtube.com/watch?v=ScBB-Hi7NxQ&t=9m22s

Feedback, questions, and suggestions are always welcome : )
Sergei https://twitter.com/herrcore
Sean https://twitter.com/seanmw

As always check out our tools, tutorials, and more content over at http://www.openanalysis.net
How To Defeat Anti-VM and Anti-Debug Packers With IDA Pro

Open Analysis Live! We use IDA Pro and the debugger to unpack a Loki malware sample from a packer that has a ton of anti-analysis, anti-debug, and anti-vm tricks


Unpacking Princess Locker and Fixing Corrupted PE Header (OALabs x MalwareAnalysisForHedgehogs)

Open Analysis Live teams up with MalwareAnalysisForHedgehogs to unpack Princess Locker ransomware. We show how to use x64dbg and hooks on VirtualAlloc to dump t


Analyzing Adwind / JRAT Java Malware

Open Analysis Live! We analyze Adwind / JRAT malware using x64dbg and Java ByteCode Viewer. This was a subscriber request asking us to take a closer look at Adw


How To Crack A Software Using Ollydbg 2017 Latest

In this short tutorial you'll learn to crack software with the help of the ollydbg tool. No more trial software; patch it yourself easily. ollydbg software = ht


SAVE PEWDS: GIMME YOUR IDEAS FOR HIS GAME, LIVE!

Multistreaming with https://restream.io/ https://www.reddit.com/r/PewdieGame/comments/asew4m/there_is_a_locked_gate_we_need_something_to_cause/ SUBSCRIBE TO P


What is a firmware binary file?

The difference between a firmware binary file and a hex-format file


Maximize the power of hex-rays decompiler - Igor Kirillov

Insomni'hack 2018 Title: Maximize the power of hex-rays decompiler Speaker: Igor Kirillov IDA Pro Hex-Rays decompiler serves as a perfect abstraction producer


How Do Packers Work - Reverse Engineering "FUD" Aegis Crypter

Open Analysis Live! We reverse engineer the Aegis Crypter and take a look at how packers work from the malware developer's perspective... Calc.exe packed with


How to crack Bigasoft Total Video Converter and remove the trial limitations using x64dbg

How to crack Bigasoft Total Video Converter and remove the trial limitations using x64dbg http://morituri.co.nf/


Malware Analysis Part #1: Basic Static Analysis

Basic Static Malware Analysis with PEview = http://wjradburn.com/software/ CFF Explorer = http://www.ntcore.com/exsuite.php PEinsider = http://cerbero.io/peins


Tutorial: Introduction to Reverse Engineering - Mike Anderson, The PTR Group, Inc.

Tutorial: Introduction to Reverse Engineering - Mike Anderson, The PTR Group, Inc. Security is always a concern as our products ship, especially in today's wor


Unpacking Emotet / Geodo (Stage 1) Using x64dbg - Subscriber Request

Open Analysis Live! We use x64dbg to unpack a new Emotet / Geodo malware (Stage 1). This was a subscriber request asking us to determine how this was packed. P


Unpacking Themida 2.x 64bit … Without Actually Unpacking - REDUX!

Open Analysis Live! In this tutorial we show how to unpack a Themida 2.x 64bit PE file.... kind of : ) Instead of attacking the Themida protection directly we w


Unpacking the Packed Unpacker: Reverse Engineering an Android Anti-Analysis Native Library

I will discuss each of the techniques the malware author used in order to prevent reverse engineering of their Android native library including manipulating the


Lazy String Decryption Tips With IDA PRO and Shade Ransomware Unpacked!

We use x64dbg debugger to unpack troldesh / shade ransomware then we use IDA PRO to quickly decrypt strings and resolve dynamic imports. Expand for details...


Unpacking Gootkit Part 2 - Debugging Anti-Analysis Tricks With IDA Pro and x64dbg

Open Analysis Live! We use IDA Pro and x64dbg to take a second look at Gootkit and determine how it uses file name checks to evade analysis. Expand for more...


Fast Malware Unpacking With CryptDecrypt and RtlDecompressBuffer

Open Analysis Live! We demonstrate a quick trick to unpack malware that uses CryptDecrypt or RtlDecompressBuffer. Packers that rely on these APIs can be unpacke


Reversing for Newbies - Pt 1: Binary Patching (Lena151 Assembly Tutorials)

This video is for educational purposes only! This video shows you how to reverse engineer a simple executable provided by Lena151. In this video we make use o


Unpacking Bokbot / IcedID Malware - Part 1

We demonstrate how to unpack the first two stages of Bokbot / IcedID malware with x64dbg, PeBear, and IDA Pro. Expand for more... Original sample: 0ca2971ffedf
