Unpacking GlobeImposter Ransomware With x32dbg - - vimore.org

Unpacking GlobeImposter Ransomware With x32dbg

Open Analysis Live! In this tutorial we unpack a new version of GlobeImposter ransomware using the x32dbg / x64dbg debugger.

Original packed sample: https://malshare.com/sample.php?action=detail&hash=612974dcb49adef982d9ad8d9cbdde36
Malware Traffic Analysis sample: http://www.malware-traffic-analysis.net/2017/11/30/index.html
The x64dbg debugger: https://x64dbg.com/#start
The unpacked sample: https://malshare.com/sample.php?action=detail&hash=5a5e32203cf8eee1b7e9125b1c97ed94
OAPivot, the Chrome plugin for IOC searching: https://chrome.google.com/webstore/detail/oapivot/nenjokibennmmllmdbifnmmgipppnfbm
Great blog on unpacking an earlier version of GlobeImposter: http://www.vkremez.com/2017/08/lets-learn-how-to-unpack-globeimposter.html
Video explaining some anti-debugging tricks: https://youtu.be/WlE8abc8V-4
Anti-debugging cheat sheet (PDF): http://anti-reversing.com/Downloads/Anti-Reversing/The_Ultimate_Anti-Reversing_Reference.pdf

*Special hat-tip to Alex for recommending x64dbg and showing me some tricks: https://twitter.com/nullandnull

Feedback, questions, and suggestions are always welcome : )
Sergei https://twitter.com/herrcore
Sean https://twitter.com/seanmw

As always, check out our tools, tutorials, and more content over at http://www.openanalysis.net



Unpacking Emotet / Geodo (Stage 1) Using x64dbg - Subscriber Request

Open Analysis Live! We use x64dbg to unpack a new Emotet / Geodo malware (Stage 1). This was a subscriber request asking us to determine how this was packed. P

CryptoLocker (Crilock) File Encrypting Ransomware [OBSOLETED]

http://malwareup.org NOTE: As of August 6th 2014, the information about Cryptolocker in this video is obsolete. Security researchers managed to procure ALL pri

Wana Decrypt0r (Wanacry Ransomware) - Computerphile

$300 or your files are toast: Dr Pound takes a look at the latest ransomware to be doing the rounds. How Wana Decrypt0r encrypts files: https://youtu.be/pLlu

Solving a crackme with Run to User Code in X32Dbg

Good option to use when "all referenced text strings" isn't getting you anywhere.

Analyzing Adwind / JRAT Java Malware

Open Analysis Live! We analyze Adwind / JRAT malware using x64dbg and Java ByteCode Viewer. This was a subscriber request asking us to take a closer look at Adw

Remove & Decrypt Globe Ransomware (V1,V2 or V3)

Emsisoft Decrypter for Globe3: http://bit.ly/globe3decryptor Emsisoft Decrypter for Globe2: http://bit.ly/globe2decryptor Emsisoft Decrypter for Globe1: http://

WinDbg Basics for Malware Analysis

In this tutorial we cover the basics of debugging malware with WinDbg. Expand for more... Tutorial Bookmarks: 3:12 WinDbg workspace layout 13:00 downloading an

Extract Shellcode from Fileless Malware like a Pro

Here I demonstrate how to extract shellcode from the context of a malicious Word doc which uses VBA to inject shellcode into the memory space of a victim proces

How To Defeat Anti-VM and Anti-Debug Packers With IDA Pro

Open Analysis Live! We use IDA Pro and the debugger to unpack a Loki malware sample from a packer that has a ton of anti-analysis, anti-debug, and anti-VM tricks

How Do Packers Work - Reverse Engineering "FUD" Aegis Crypter

Open Analysis Live! We reverse engineer the Aegis Crypter and take a look at how packers work from the malware developer's perspective... Calc.exe packed with

How to crack Bigasoft Total Video Converter and remove the trial limitations using x64dbg

How to crack Bigasoft Total Video Converter and remove the trial limitations using x64dbg http://morituri.co.nf/

Olympic Destroyer - Quick behavioural Analysis of this Wiper Malware

Here I run through some behavioural analysis of Olympic Destroyer malware which steals local credentials, propagates around a network and renders victim machine

Unpacking Gootkit Malware With IDA Pro and X64dbg - Subscriber Request

Open Analysis Live! We use IDA Pro and x64dbg to unpack a recently packed Gootkit malware (stage1). This was a subscriber request asking us to determine how thi

Reverse Engineering x32dbg/olly "that doesnt work in the real world..."

The name and identity of this software has been changed to protect the innocent... Join the discord! https://discord.gg/JEmYv5G If you feel like sending in a

Unpacking Bokbot / IcedID Malware - Part 1

We demonstrate how to unpack the first two stages of Bokbot / IcedID malware with x64dbg, PeBear, and IDA Pro. Expand for more... Original sample: 0ca2971ffedf

Analyzing Ransomware - Beginner Static Analysis

Today we will do some basic static analysis on a ransomware sample. P.S. Sorry about the volume, I've hopefully fixed it in newer videos. Sample: https://www.

Cracking XoftSpy with x64dbg [Learning Cracking]

DISCLAIMER: THIS VIDEO IS FOR INFORMATIONAL PURPOSES ONLY. ANY ACTIONS TAKEN WATCHING THE TUTORIAL THEREAFTER, DISCHARGE THE OWNER FROM ANY OTHER RESPONSABILITI

JavaScript that drops a RAT - Reverse Engineer it like a pro

Here I show you how to reverse engineer a malicious JavaScript file which drops Netwire RAT malware. The JavaScript contains the encoded contents of the malware

Unpacking Princess Locker and Fixing Corrupted PE Header (OALabs x MalwareAnalysisForHedgehogs)

Open Analysis Live teams up with MalwareAnalysisForHedgehogs to unpack Princess Locker ransomware. We show how to use x64dbg and hooks on VirtualAlloc to dump t
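
Both the GlobeImposter walkthrough at the top of this page and the Princess Locker entry above end the same way: once the packer has written the real payload into memory, the analyst dumps that region from the debugger and then has to repair the PE header before a disassembler will load it. The script below is an added example written for this page, not code from OALabs or from either video. It works on a constructed memory dump (a filler buffer, a decoy `MZ` with a bogus `e_lfanew`, and a hand-built minimal PE32 whose sections sit at their virtual addresses, as they would after unpacking) and shows the post-dump steps: locate every candidate PE header by validating `e_lfanew`, carve `SizeOfImage` bytes, and rewrite each section's `PointerToRawData`/`SizeOfRawData` to its `VirtualAddress`/`VirtualSize` so the file's on-disk layout matches what was in memory. All offsets, names and sample bytes are the example's own assumptions.

```python
import struct

DOS_HEADER_SIZE = 0x40
E_LFANEW_OFFSET = 0x3C        # DOS header field holding the PE signature offset
COFF_HEADER_SIZE = 20
SECTION_HEADER_SIZE = 40
MAX_E_LFANEW = 0x1000         # sanity bound: reject 'MZ' hits whose e_lfanew is absurd


def build_sample_image():
    """Constructed sample, not real malware: a minimal PE32 laid out as it sits
    in process memory (sections at their VirtualAddress), but still carrying
    on-disk raw pointers that are wrong for a memory dump."""
    size_of_image = 0x3000
    image = bytearray(size_of_image)
    image[0:2] = b"MZ"
    struct.pack_into("<I", image, E_LFANEW_OFFSET, 0x80)           # e_lfanew
    image[0x80:0x84] = b"PE\0\0"
    # COFF header: Machine=i386, NumberOfSections=2, SizeOfOptionalHeader=0xE0
    struct.pack_into("<HHIIIHH", image, 0x84, 0x14C, 2, 0, 0, 0, 0xE0, 0x102)
    opt = 0x84 + COFF_HEADER_SIZE
    struct.pack_into("<H", image, opt, 0x10B)                      # PE32 magic
    struct.pack_into("<I", image, opt + 56, size_of_image)         # SizeOfImage
    struct.pack_into("<I", image, opt + 60, 0x400)                 # SizeOfHeaders
    table = opt + 0xE0
    # (Name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData)
    sections = [(b".text", 0x200, 0x1000, 0x200, 0x400),
                (b".data", 0x100, 0x2000, 0x200, 0x600)]
    for i, (name, vsize, va, rawsz, rawptr) in enumerate(sections):
        struct.pack_into("<8sIIIIIIHHI", image, table + i * SECTION_HEADER_SIZE,
                         name, vsize, va, rawsz, rawptr, 0, 0, 0, 0, 0x60000020)
    image[0x1000:0x1010] = b"UNPACKED_CODE!!!"   # payload bytes at the .text VA
    image[0x2000:0x2008] = b"DATADATA"
    return bytes(image)


# Constructed "memory dump": filler, a decoy 'MZ' whose e_lfanew reads 0x41414141,
# then the image above at offset 0x300.
SAMPLE_DUMP = b"A" * 0x10 + b"MZ" + b"A" * (0x300 - 0x12) + build_sample_image() + b"A" * 0x40


def find_pe_headers(blob):
    """Offsets of every 'MZ' whose e_lfanew lands on a 'PE\\0\\0' signature."""
    hits = []
    pos = blob.find(b"MZ")
    while pos != -1:
        if pos + DOS_HEADER_SIZE <= len(blob):
            e_lfanew = struct.unpack_from("<I", blob, pos + E_LFANEW_OFFSET)[0]
            sig = pos + e_lfanew
            if e_lfanew < MAX_E_LFANEW and blob[sig:sig + 4] == b"PE\0\0":
                hits.append(pos)
        pos = blob.find(b"MZ", pos + 1)
    return hits


def parse_sections(blob, base):
    """Section table of the PE at `base`; hdr_off is each header's offset in blob."""
    e_lfanew = struct.unpack_from("<I", blob, base + E_LFANEW_OFFSET)[0]
    coff = base + e_lfanew + 4
    nsect = struct.unpack_from("<H", blob, coff + 2)[0]
    opt_size = struct.unpack_from("<H", blob, coff + 16)[0]
    table = coff + COFF_HEADER_SIZE + opt_size
    out = []
    for i in range(nsect):
        off = table + i * SECTION_HEADER_SIZE
        name, vsize, va, rawsz, rawptr = struct.unpack_from("<8sIIII", blob, off)
        out.append({"name": name.rstrip(b"\0").decode(), "vsize": vsize, "va": va,
                    "rawsz": rawsz, "rawptr": rawptr, "hdr_off": off})
    return out


def carve_and_fix(blob, base):
    """Carve SizeOfImage bytes from a memory dump and rewrite each section's
    PointerToRawData/SizeOfRawData to its VirtualAddress/VirtualSize, so the
    carved file loads with the same layout it had in memory."""
    e_lfanew = struct.unpack_from("<I", blob, base + E_LFANEW_OFFSET)[0]
    opt = base + e_lfanew + 4 + COFF_HEADER_SIZE
    size_of_image = struct.unpack_from("<I", blob, opt + 56)[0]
    image = bytearray(blob[base:base + size_of_image])
    for s in parse_sections(image, 0):
        struct.pack_into("<II", image, s["hdr_off"] + 16, s["vsize"], s["va"])
    return bytes(image)


if __name__ == "__main__":
    for base in find_pe_headers(SAMPLE_DUMP):
        fixed = carve_and_fix(SAMPLE_DUMP, base)
        print(f"PE at 0x{base:x}: carved 0x{len(fixed):x} bytes")
        for s in parse_sections(fixed, 0):
            print(f"  {s['name']:8} VA=0x{s['va']:x} raw=0x{s['rawptr']:x}")
```

The raw-to-virtual realignment is the part that makes a dump loadable; on a real unpacked sample you would still need to restore the import table (the IAT is resolved in memory, so the dumped file carries no usable import directory) and, if the payload was written at an address other than its preferred ImageBase, adjust ImageBase or apply relocations before static analysis matches the debugger view.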