Listen Top Shows Blog

Malware Samples Crashing x64dbg Fixed!

Malware Samples Crashing x64dbg Fixed!

Update: 2019-01-27

Share

Description

We dive into why some recent malware samples have been crashing in x64dbg. Expand for more...

Example (Vidar) sent from subscriber packed with packer that crashes old versions of x64dbg :
7b2c480736bc2ea3c6e064077e78c6a0acabbd83d0e4e637673c9deb966296d5

Download x64dbg (with fix for crash):
https://x64dbg.com/#start

Donate to x64dbg:
https://www.bountysource.com/teams/x64dbg

Corkami PE file map:
https://github.com/corkami/pics/tree/master/binary/pe102

MSDN PE file documentation:
https://docs.microsoft.com/en-us/windows/desktop/debug/pe-format#export-directory-table

PE Bear download:
https://github.com/hasherezade/pe-bear-releases/releases/tag/0.3.9.5

Feedback, questions, and suggestions are always welcome : )

Sergei https://twitter.com/herrcore
Sean https://twitter.com/seanmw

As always check out our tools, tutorials, and more content over at https://www.openanalysis.net

#x64dbg #MalwareAnalysis #Tutorial #OpenAnalysis

Comments

In Channel

REvil Ransomware Unpacked - Cheeky Hack To Build Import Address Table

REvil Ransomware Unpacked - Cheeky Hack To Build Import Address Table

2019-07-3009:10

Reverse Engineering RC4 Crypto For Malware Analysis

Reverse Engineering RC4 Crypto For Malware Analysis

2019-06-1715:56

Disable ASLR For Easier Malware Debugging With x64dbg and IDA Pro

Disable ASLR For Easier Malware Debugging With x64dbg and IDA Pro

2019-06-1107:31

Reverse Engineering C++ Malware With IDA Pro

Reverse Engineering C++ Malware With IDA Pro

2019-06-0323:40

Reverse Engineering Quick Tip - Unpacking Process Injection With a Single Breakpoint

Reverse Engineering Quick Tip - Unpacking Process Injection With a Single Breakpoint

2019-04-1403:30

WinDbg Basics for Malware Analysis

WinDbg Basics for Malware Analysis

2019-02-1938:36

Malware Samples Crashing x64dbg Fixed!

Malware Samples Crashing x64dbg Fixed!

2019-01-2706:55

Lazy String Decryption Tips With IDA PRO and Shade Ransomware Unpacked!

Lazy String Decryption Tips With IDA PRO and Shade Ransomware Unpacked!

2019-01-0728:05

OALabs Rewind 2018 - Reverse Engineering Bloopers

OALabs Rewind 2018 - Reverse Engineering Bloopers

2018-12-2903:38

Unpacking Quick Tip: Two Breakpoints to Unpack Hermes Ransomware

Unpacking Quick Tip: Two Breakpoints to Unpack Hermes Ransomware

2018-12-2802:37

Reverse Engineering IcedID / Bokbot Malware Part 2

Reverse Engineering IcedID / Bokbot Malware Part 2

2018-11-0937:59

Unpacking Bokbot / IcedID Malware - Part 1

Unpacking Bokbot / IcedID Malware - Part 1

2018-10-2615:58

How Do Packers Work - Reverse Engineering "FUD" Aegis Crypter

How Do Packers Work - Reverse Engineering "FUD" Aegis Crypter

2018-09-2217:41

Malware Analysis VM Setup Tutorial

Malware Analysis VM Setup Tutorial

2018-07-1614:12

Unpacking and Extracting TrickBot Malware Configuration With x64dbg and Python

Unpacking and Extracting TrickBot Malware Configuration With x64dbg and Python

2018-06-2027:52

Unpacking Gootkit Part 2 - Debugging Anti-Analysis Tricks With IDA Pro and x64dbg

Unpacking Gootkit Part 2 - Debugging Anti-Analysis Tricks With IDA Pro and x64dbg

2018-05-2019:23

Unpacking VB6 Packers With IDA Pro and API Hooks (Re-Upload)

Unpacking VB6 Packers With IDA Pro and API Hooks (Re-Upload)

2018-04-2929:23

Unpacking Princess Locker and Fixing Corrupted PE Header (OALabs x MalwareAnalysisForHedgehogs)

Unpacking Princess Locker and Fixing Corrupted PE Header (OALabs x MalwareAnalysisForHedgehogs)

2018-04-0834:03

Analyzing Adwind / JRAT Java Malware

Analyzing Adwind / JRAT Java Malware

2018-03-2633:23

Unpacking Gootkit Malware With IDA Pro and X64dbg - Subscriber Request

Unpacking Gootkit Malware With IDA Pro and X64dbg - Subscriber Request

2018-03-0431:30

00:00

00:00

1.0x

Malware Samples Crashing x64dbg Fixed!

Malware Samples Crashing x64dbg Fixed!

OALabs