Norwegian Honeynet Project


A chapter of the Honeynet Project

Malware unpacking in OllyDbg

March 26th, 2008 by mkrakvik (2) Tips & Tricks,Videos

From time to time, we come across malware that is more interesting than others. A couple of months ago we saw a Trojan bot with MSN spreading capabilities. And as usual, the malware was packed. However, I was not able to identify the packer being used (using PEiD and similar tools). So I tried unpacking this sample manually in OllyDbg, and discovered that it was actually using threads to unpack itself, something I hadn't seen before.

Below you can find my very first screencast, showing how this sample was unpacked. Enjoy! :)

Unpacking in OllyDbg

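To make the "unpacks itself in a thread" trick concrete, here is a small model of such a stub. This is an added example written for this page; it is not the sample from the screencast, not code from the Honeynet Project, and it assumes a hypothetical single-byte XOR "packer" (real packers are far more involved) and uses pthreads as a portable stand-in for kernel32!CreateThread so that it builds and runs on any system. The point it shows is that the decode loop never executes on the main thread: stepping the main thread in a debugger only shows a thread being created and then a wait, while the actual unpacking happens in the worker's start routine.

```c
#include <pthread.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical single-byte XOR "packer" key; an assumption for this toy model. */
#define TOY_KEY 0x5A

/* Constructed plaintext standing in for the code that lives at the real OEP. */
static const char toy_oep_code[] = "unpacked code: OEP reached";

struct unpack_job {
    uint8_t *buf;   /* region the worker thread decodes in place */
    size_t   len;
    uint8_t  key;
};

/* Packer side: what the packer does at build time to produce the packed
 * section. Returns the number of bytes written (including the NUL), 0 on error. */
size_t toy_pack(const char *plain, uint8_t *out, size_t out_len, uint8_t key)
{
    size_t n = strlen(plain) + 1;
    if (n > out_len) return 0;
    for (size_t i = 0; i < n; i++) out[i] = (uint8_t)plain[i] ^ key;
    return n;
}

/* Stub side: the worker thread's start routine. In a real Windows sample this
 * is the lpStartAddress passed to kernel32!CreateThread, i.e. the address you
 * would put a breakpoint on after catching the CreateThread call in OllyDbg. */
static void *unpack_thread(void *arg)
{
    struct unpack_job *job = arg;
    for (size_t i = 0; i < job->len; i++) job->buf[i] ^= job->key;
    return NULL;
}

/* Stub side: the main thread only creates the worker and waits for it, so
 * single-stepping the main thread alone never shows the decode loop. A real
 * stub would use CreateThread plus WaitForSingleObject (or poll a flag);
 * pthreads is used here so the model runs anywhere. Returns 0 on success. */
int unpack_in_thread(uint8_t *buf, size_t len, uint8_t key)
{
    struct unpack_job job = { buf, len, key };
    pthread_t tid;
    if (pthread_create(&tid, NULL, unpack_thread, &job) != 0) return -1;
    if (pthread_join(tid, NULL) != 0) return -1;
    return 0;
}

/* End-to-end: build the packed image, run the stub, and return the decoded
 * region, which is what the analyst sees once the main thread transfers
 * control into it. Returns NULL if packing or unpacking failed. */
const char *run_toy_sample(void)
{
    static uint8_t image[64];
    size_t n = toy_pack(toy_oep_code, image, sizeof image, TOY_KEY);
    if (n == 0) return NULL;
    /* Here image[] is still ciphertext, like the packed section on disk. */
    if (unpack_in_thread(image, n, TOY_KEY) != 0) return NULL;
    return (const char *)image;
}

int main(void)
{
    const char *oep = run_toy_sample();
    printf("%s\n", oep ? oep : "(unpack failed)");
    return oep ? 0 : 1;
}
```

For the real thing in OllyDbg (a general approach, not necessarily the one used in the screencast): set a breakpoint on kernel32!CreateThread; when it hits, the third argument, lpStartAddress, is at [ESP+0xC] at the function entry on 32-bit Windows. Put a breakpoint on that address, let the process run, and you land in the worker's start routine, where the decode loop can be stepped or traced. Once the worker finishes, switch back to the main thread (Threads window) and watch for the jump or call into the freshly decoded region; that is your OEP candidate, and the point at which to dump the process.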
