- IDA Pro
- Cerbero Profiler
- Lab18-01.exe SHA256: 2ac6635a26049d354c0c46243f6451e6594b130745a08c5a99e96a64fbbbec0f
- Detection Rate: 40/55
- Analyzed on 2016-03-22
- Compilation Date: 2011-02-27 17:54:15
Cerbero Profiler identified a UPX section.
IDA Pro shows very few functions and imports, which strongly suggests that the binary is packed.
Here we are looking for the tail jump (the jump out of the unpacking stub into the original entry point). Next we set a breakpoint in OllyDbg at 0x00409f43.
Step into the jump and dump the process memory from there.
Ta-da… unpacked, and the good news is we do not need to fix the IAT in this case =)
The other easy way to unpack is via the upx tool itself; however, it seems the malware author took some measures to prevent this sample from being unpacked that way.
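As an added example (not part of the original writeup), the UPX section indicator noted above can be checked before opening a debugger: the script below parses the PE section table with only the standard library and flags the classic UPX layout, an empty UPX0 section that is large in memory next to a high-entropy UPX1. Both PE blobs are constructed inside the script as fixtures; they are not derived from Lab18-01.exe.

```python
import math
import struct

def shannon_entropy(data: bytes) -> float:
    """Bits per byte of the buffer; compressed/packed data sits near 8.0."""
    if not data:
        return 0.0
    n = len(data)
    counts = [data.count(bytes([b])) for b in range(256)]
    return -sum(c / n * math.log2(c / n) for c in counts if c)

def pe_sections(blob: bytes):
    """Parse the PE section table (name, sizes, entropy of on-disk bytes)."""
    assert blob[:2] == b"MZ", "not an MZ/PE file"
    e_lfanew = struct.unpack_from("<I", blob, 0x3C)[0]
    assert blob[e_lfanew:e_lfanew + 4] == b"PE\0\0", "bad PE signature"
    nsec = struct.unpack_from("<H", blob, e_lfanew + 6)[0]
    opt_size = struct.unpack_from("<H", blob, e_lfanew + 20)[0]
    table = e_lfanew + 24 + opt_size  # signature (4) + COFF header (20) + optional header
    sections = []
    for i in range(nsec):
        name, vsize, _va, rsize, rptr = struct.unpack_from("<8sIIII", blob, table + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "vsize": vsize, "rsize": rsize,
                         "entropy": shannon_entropy(blob[rptr:rptr + rsize])})
    return sections

def packer_indicators(blob: bytes):
    """Reasons the sample looks packed; an empty list means nothing fired."""
    reasons = []
    for s in pe_sections(blob):
        if s["name"].upper().startswith("UPX"):
            reasons.append(f"{s['name']}: UPX section name")
        if s["rsize"] == 0 and s["vsize"] > 0:  # UPX0: unpack destination, empty on disk
            reasons.append(f"{s['name']}: 0 bytes on disk, {s['vsize']:#x} in memory")
        if s["entropy"] > 7.0:  # UPX1: compressed payload
            reasons.append(f"{s['name']}: entropy {s['entropy']:.2f}")
    return reasons

def build_synthetic_pe(sections):
    """Constructed fixture: a minimal PE with only the fields pe_sections reads."""
    hdr_end = 0x40 + 4 + 20 + 0xE0 + 40 * len(sections)  # e_lfanew fixed at 0x40
    table, body = bytearray(), bytearray()
    for name, vsize, data in sections:
        rptr = hdr_end + len(body) if data else 0
        table += struct.pack("<8sIIII", name, vsize, 0x1000, len(data), rptr) + bytes(16)
        body += data
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0xE0, 0x102)
    return bytes(dos + b"PE\0\0" + coff + bytes(0xE0) + table + body)

# Constructed samples: one shaped like a UPX-packed binary, one plain.
UPX_LIKE = build_synthetic_pe([(b"UPX0", 0x10000, b""),
                               (b"UPX1", 0x9000, bytes(range(256)) * 16),  # stand-in for compressed code
                               (b".rsrc", 0x1000, bytes(512))])
PLAIN = build_synthetic_pe([(b".text", 0x1000, b"\x90" * 512), (b".data", 0x200, bytes(64))])
```

Run `packer_indicators(open(path, "rb").read())` on a real sample to see which indicators fire; a stripped or renamed UPX section still trips the size and entropy checks.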