Open Analysis Live! We use IDA Pro and x64dbg to take a second look at Gootkit and determine how it uses file name checks to evade analysis. Expand for more...

Our original Gootkit unpacking video, where we explain the packer and dumping from memory: https://youtu.be/242Tn0IL2jE

Packed sample:
Sha256: da336edead5e63d2759ebe1414575ce7f07162f28a99fa55a4d8badfc87b6720
https://malshare.com/sample.php?action=detail&hash=ef4cf20e80a95791d76b3df8d9096f60

Unpacked Gootkit (stage 1):
Sha256: b0d421e2d415e0e5a4b94e4adaa8a6625405db3739156e79b2e85ba2fb1d6067
https://malshare.com/sample.php?action=detail&hash=f92aa495c4f932a1f0a7dd7669d592e4

Excellent blog from @r3mrum on crc32 hashes and Gootkit: https://r3mrum.wordpress.com/2018/02/15/string-hashing-reverse-engineering-an-anti-analysis-control/

Lastline CRC32 hashes for Gootkit: https://www.lastline.com/labsblog/evasive-malware-tricks/

x64dbg: https://x64dbg.com/#start
IDA: https://www.hex-rays.com/products/ida/support/download_freeware.shtml

Feedback, questions, and suggestions are always welcome : )
Sergei https://twitter.com/herrcore
Sean https://twitter.com/seanmw

As always, check out our tools, tutorials, and more content over at http://www.openanalysis.net
Open Analysis Live teams up with MalwareAnalysisForHedgehogs to unpack Princess Locker ransomware. We show how to use x64dbg and hooks on VirtualAlloc to dump t
Here's some WINAPI for catching them darn debuggers out in the wild.
► SUBSCRIBE: http://goo.gl/tkkXvf —► Twitch Channel: http://twitch.tv/Sn34kyMofo Description: If you've ever been met with an error where a CD is required to p
In this video we'll be learning how to use simple reverse engineering techniques to see inside a Windows EXE and manipulate it. The program we'll be looking at
The CopyTrans application contains code to prevent a debugger such as OllyDbg from being attached to the CopyTrans.exe process. In this video we look at the tec
Open Analysis Live! We use x64dbg to unpack a new Emotet / Geodo malware (Stage 1). This was a subscriber request asking us to determine how this was packed. P
Open Analysis Live! We use IDA Pro and the debugger to unpack a Loki malware sample from a packer that has a ton of anti-analysis, anti-debug, and anti-vm tricks
Day 2 using IDA, so I'm still very new. Hope this helps inspire someone to give it a shot. Learn with me, give me tips, etc. JC's video, which is much more in
x64dbg debugger reverse engineering tutorial + how to hack software | Hack & protect software from cracking [Series] ===================================== Subsc
Hello GuidedHacking fans! If you want to hack video games you have got to learn the basics of assembly, how the stack works, and how to use a decompiler / disa
A part of ethical: link for x64dbg------ https://x64dbg.com/#start link for power iso ------------ https://www.poweriso.com/downloa
Open Analysis Live! We unpack TrickBot and extract its configuration file using x64dbg and a Python script from the KevinTheHermit project. Expand for more...
This is the first of my tutorials in using Olly debugger and cracking a program using it. I will be uploading many more tutorials covering varying difficulties
Open Analysis Live! We demonstrate a quick trick to unpack malware that uses CryptDecrypt or RtlDecompressBuffer. Packers that rely on these APIs can be unpacke
We dive into why some recent malware samples have been crashing in x64dbg. Expand for more... Example (Vidar) sent from subscriber packed with packer that cr
We use the x64dbg debugger to unpack Troldesh / Shade ransomware, then we use IDA Pro to quickly decrypt strings and resolve dynamic imports. Expand for details...
How to remove the trial limitations from Filmora - pop-up registration nags and video watermark http://morituri.co.nf/
This video demonstrates the basics of using IDA Pro and WinDBG presented in the form of evaluating a sample application. Enjoy! -brad antoniewicz
Open Analysis Live! In this tutorial we show how to unpack a Themida 2.x 64bit PE file.... kind of : ) Instead of attacking the Themida protection directly we w