Example malware unpacking and analysis: part 1, unpacking
Lo! I still live! I apologize for the very, very long delay that I’ve been putting everyone through lately; I’m sure I was terribly missed.
*Ahem*, anyway, on with the post:
Introduction
Firstly, malware analysis and reverse engineering have always been incredibly interesting to me, and I noticed that ever since my OEP-finding tutorial for Upack, I’ve also gotten a lot of Google searches for “how to reverse malware” and other such things. So, I figured I’d share my meager knowledge, seeing as how other blogs have been so helpful thus far, and they always say the best way to learn something is to teach it. I decided that it would be cool to start a series about analysis from start to finish, explaining how I analyze the file. Anyhow, enough of my rambling, on with the analysis!
Tutorial: Finding the OEP of an Upacked binary file
…because all the other tutorials I’ve been able to find on this subject are not so easy to read.
This is going to be a long post, but hey, at least it’ll have lots of pictures!
Alright, in this tutorial I’m going to attempt to explain how to find the OEP (Original Entry Point) of a binary executable that has been packed with the Upack/WinUpack packer. I just recently learned this myself, so please excuse any errors this tutorial might have. The following tools are used in this tutorial:
- PEiD
- IDA Disassembler (I used the freeware version, 4.9)
- LordPE
- ImpRec
- Windows
