OALabs

Unpacking Quick Tip: Two Breakpoints to Unpack Hermes Ransomware

Update: 2018-12-28

Description

Just a quick malware unpacking tutorial for one of our subscribers: how to unpack Hermes ransomware with two breakpoints.

Once you have unpacked this sample and loaded it in IDA, you will see that they dynamically resolve their APIs. You can quickly fix this by loading the PE in a debugger, adding a breakpoint after the first function, and running until the breakpoint. Then use Scylla to dump and fix imports!
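A quick way to tell whether a dump still needs its imports rebuilt is to look at what the static import table actually carries: a binary that resolves its APIs at runtime typically imports little more than the resolver pair (LoadLibrary/GetProcAddress), while a dump that Scylla has fixed lists the real APIs. The following is an added example written for this page, not OALabs' code or anything taken from the Hermes sample: it builds a constructed IMAGE_IMPORT_DESCRIPTOR array (with 32-bit thunks) for two made-up import tables, parses it back, and applies a simple heuristic. For simplicity the example treats RVAs as offsets into the blob; on a real PE you would map RVAs through the section headers (or just use pefile). The "at most three non-resolver imports" threshold is an assumption chosen for the demo, not a published rule.

```python
import struct

DESC_FMT = "<IIIII"                      # OriginalFirstThunk, TimeDateStamp, ForwarderChain, Name, FirstThunk
DESC_SIZE = struct.calcsize(DESC_FMT)     # 20 bytes per IMAGE_IMPORT_DESCRIPTOR

# Hypothetical resolver set used by the heuristic below (an assumption for this demo).
RESOLVER_APIS = {"LoadLibraryA", "LoadLibraryW", "LoadLibraryExA", "LoadLibraryExW", "GetProcAddress"}


def build_import_directory(imports):
    """Constructed fixture builder: lay out a null-terminated descriptor array followed by
    DLL names, WORD-aligned hint/name entries and 32-bit thunk tables in one blob.
    Assumption: RVA == offset into the blob (no section mapping in this demo)."""
    descs = []
    data = bytearray()
    base = DESC_SIZE * (len(imports) + 1)          # data area starts after the terminating null descriptor
    for dll, funcs in imports.items():
        name_rva = base + len(data)
        data += dll.encode() + b"\0"
        entry_rvas = []
        for hint, func in enumerate(funcs):
            if len(data) % 2:
                data += b"\0"                        # IMAGE_IMPORT_BY_NAME entries are WORD aligned
            entry_rvas.append(base + len(data))
            data += struct.pack("<H", hint) + func.encode() + b"\0"
        if len(data) % 4:
            data += b"\0" * (4 - len(data) % 4)      # thunk tables are DWORD aligned
        thunk_rva = base + len(data)
        for rva in entry_rvas:
            data += struct.pack("<I", rva)
        data += struct.pack("<I", 0)                 # end of thunk table
        descs.append(struct.pack(DESC_FMT, thunk_rva, 0, 0, name_rva, thunk_rva))
    descs.append(b"\0" * DESC_SIZE)                  # terminating null descriptor
    return b"".join(descs) + bytes(data)


def read_cstring(blob, off):
    return blob[off:blob.index(b"\0", off)].decode()


def parse_import_directory(blob):
    """Walk the descriptor array and return {dll: [imported names or '#ordinal']}."""
    result, off = {}, 0
    while True:
        oft, _ts, _fc, name_rva, ft = struct.unpack_from(DESC_FMT, blob, off)
        off += DESC_SIZE
        if name_rva == 0 and ft == 0:                # null descriptor ends the array
            break
        dll = read_cstring(blob, name_rva)
        thunk = oft or ft                            # prefer the unbound (original) thunk table
        funcs = []
        while True:
            entry = struct.unpack_from("<I", blob, thunk)[0]
            thunk += 4
            if entry == 0:
                break
            if entry & 0x80000000:                   # IMAGE_ORDINAL_FLAG32: import by ordinal
                funcs.append(f"#{entry & 0xFFFF}")
            else:
                funcs.append(read_cstring(blob, entry + 2))   # skip the 2-byte hint
        result[dll] = funcs
    return result


def uses_dynamic_resolution(imports):
    """Heuristic: the static table holds a resolver API and almost nothing else, so the
    real API set is being resolved at runtime and the dump still needs import fixing."""
    names = {f for funcs in imports.values() for f in funcs}
    return bool(names & RESOLVER_APIS) and len(names - RESOLVER_APIS) <= 3


# Constructed fixtures (not the Hermes sample's real import tables).
STRIPPED_TABLE = {"kernel32.dll": ["LoadLibraryA", "GetProcAddress", "VirtualAlloc"]}
REBUILT_TABLE = {"kernel32.dll": ["CreateFileW", "WriteFile", "CloseHandle"],
                 "advapi32.dll": ["RegOpenKeyExW"]}


def classify(imports):
    """Round-trip a table through the blob format and return (parsed table, needs_fix)."""
    parsed = parse_import_directory(build_import_directory(imports))
    return parsed, uses_dynamic_resolution(parsed)


if __name__ == "__main__":
    for label, table in (("before Scylla", STRIPPED_TABLE), ("after Scylla", REBUILT_TABLE)):
        parsed, needs_fix = classify(table)
        print(label, parsed, "-> dynamic resolution:", needs_fix)
```

The check runs on the parsed import names only, so it does not matter whether they came from this toy blob or from a real dump read with a PE library; the useful signal is the contrast between the resolver-only table before the fix and the populated table afterwards.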

Original packed sample:
https://cape.contextis.com/analysis/28853/

Unpacked:
https://cape.contextis.com/analysis/28851/

We use the OllyDbg CiM build because I am on holidays and don't have my full VM tools, but you can use x64dbg; the commands are the same : )
https://x64dbg.com/#start

FLOSS is a great tool for finding strings in a binary:
https://github.com/fireeye/flare-floss

We will be back to full tutorial videos soon so stay tuned : )

Feedback, questions, and suggestions are always welcome : )

Sergei https://twitter.com/herrcore
Sean https://twitter.com/seanmw

As always check out our tools, tutorials, and more content over at https://www.openanalysis.net