Listen Top Shows Blog

Reverse Engineering Quick Tip - Unpacking Process Injection With a Single Breakpoint

Reverse Engineering Quick Tip - Unpacking Process Injection With a Single Breakpoint

Update: 2019-04-14

Share

Description

Use x64dbg to unpack malware that uses process injection with a single breakpoint on WriteProcessMemory. Debugging has never been so easy...

Malware sample:
7e7d0557cc95e3f509f71a72aad9b8ab85d6a681df4a46e1648e928a4be5f4be

CAPE Sandbox (for download and analysis):
https://cape.contextis.com/analysis/65348/#

Feedback, questions, and suggestions are always welcome : )

Sergei https://twitter.com/herrcore
Sean https://twitter.com/seanmw

As always check out our tools, tutorials, and more content over at https://www.openanalysis.net

#MalwareAnalysis #Debugging #Unpacking

Comments

In Channel

REvil Ransomware Unpacked - Cheeky Hack To Build Import Address Table

REvil Ransomware Unpacked - Cheeky Hack To Build Import Address Table

2019-07-3009:10

Reverse Engineering RC4 Crypto For Malware Analysis

Reverse Engineering RC4 Crypto For Malware Analysis

2019-06-1715:56

Disable ASLR For Easier Malware Debugging With x64dbg and IDA Pro

Disable ASLR For Easier Malware Debugging With x64dbg and IDA Pro

2019-06-1107:31

Reverse Engineering C++ Malware With IDA Pro

Reverse Engineering C++ Malware With IDA Pro

2019-06-0323:40

Reverse Engineering Quick Tip - Unpacking Process Injection With a Single Breakpoint

Reverse Engineering Quick Tip - Unpacking Process Injection With a Single Breakpoint

2019-04-1403:30

WinDbg Basics for Malware Analysis

WinDbg Basics for Malware Analysis

2019-02-1938:36

Malware Samples Crashing x64dbg Fixed!

Malware Samples Crashing x64dbg Fixed!

2019-01-2706:55

Lazy String Decryption Tips With IDA PRO and Shade Ransomware Unpacked!

Lazy String Decryption Tips With IDA PRO and Shade Ransomware Unpacked!

2019-01-0728:05

OALabs Rewind 2018 - Reverse Engineering Bloopers

OALabs Rewind 2018 - Reverse Engineering Bloopers

2018-12-2903:38

Unpacking Quick Tip: Two Breakpoints to Unpack Hermes Ransomware

Unpacking Quick Tip: Two Breakpoints to Unpack Hermes Ransomware

2018-12-2802:37

Reverse Engineering IcedID / Bokbot Malware Part 2

Reverse Engineering IcedID / Bokbot Malware Part 2

2018-11-0937:59

Unpacking Bokbot / IcedID Malware - Part 1

Unpacking Bokbot / IcedID Malware - Part 1

2018-10-2615:58

How Do Packers Work - Reverse Engineering "FUD" Aegis Crypter

How Do Packers Work - Reverse Engineering "FUD" Aegis Crypter

2018-09-2217:41

Malware Analysis VM Setup Tutorial

Malware Analysis VM Setup Tutorial

2018-07-1614:12

Unpacking and Extracting TrickBot Malware Configuration With x64dbg and Python

Unpacking and Extracting TrickBot Malware Configuration With x64dbg and Python

2018-06-2027:52

Unpacking Gootkit Part 2 - Debugging Anti-Analysis Tricks With IDA Pro and x64dbg

Unpacking Gootkit Part 2 - Debugging Anti-Analysis Tricks With IDA Pro and x64dbg

2018-05-2019:23

Unpacking VB6 Packers With IDA Pro and API Hooks (Re-Upload)

Unpacking VB6 Packers With IDA Pro and API Hooks (Re-Upload)

2018-04-2929:23

Unpacking Princess Locker and Fixing Corrupted PE Header (OALabs x MalwareAnalysisForHedgehogs)

Unpacking Princess Locker and Fixing Corrupted PE Header (OALabs x MalwareAnalysisForHedgehogs)

2018-04-0834:03

Analyzing Adwind / JRAT Java Malware

Analyzing Adwind / JRAT Java Malware

2018-03-2633:23

Unpacking Gootkit Malware With IDA Pro and X64dbg - Subscriber Request

Unpacking Gootkit Malware With IDA Pro and X64dbg - Subscriber Request

2018-03-0431:30

00:00

00:00

x

Reverse Engineering Quick Tip - Unpacking Process Injection With a Single Breakpoint

Reverse Engineering Quick Tip - Unpacking Process Injection With a Single Breakpoint

OALabs