- IDA Pro
- Lab18-04.exe SHA256: b8a5d54e5b8ae63d8f59bb3b1c8782e76154093fea83708ae657184c922eee0e
- Detection Rate: 30/56
- Analyzed on 2016-03-22
- Compilation Date: 2011-10-18 18:46:44
- View report here
VirusTotal detects that the malware is packed with ASPack.
Yet another pushad operation spotted. Let’s try the same approach we did previously.
Set a hardware breakpoint on the stack address in ESP after pushad has executed.
The program will break on POPAD… Step until the return is called.
Unpacked code? Reanalyze it.
Dump out the process.
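The popad-then-return tail that the hardware breakpoint lands on can also be located statically in the stub bytes read from the debugger. The following is an added example, not part of the original write-up: it assumes the tail has the shape `popad` ... `push imm32` / `ret`, and the function name, window size and sample bytes are constructed for illustration.

```python
import struct

POPAD, PUSH_IMM32, RET = 0x61, 0x68, 0xC3

def find_tail_jumps(stub: bytes, window: int = 16):
    """Find 'popad ... push imm32; ret' sequences in raw stub bytes.

    Returns a list of (popad_offset, push_offset, target) tuples, where
    target is the 32-bit little-endian operand of the push, i.e. the
    address the ret transfers control to (the candidate OEP).
    """
    hits = []
    for i, byte in enumerate(stub):
        if byte != POPAD:
            continue
        # Look a few bytes past popad for 'push imm32' directly followed by
        # 'ret'. The upper bound keeps stub[j + 5] inside the buffer.
        end = min(i + 1 + window, len(stub) - 5)
        for j in range(i + 1, end):
            if stub[j] == PUSH_IMM32 and stub[j + 5] == RET:
                target = struct.unpack_from("<I", stub, j + 1)[0]
                hits.append((i, j, target))
                break
    return hits

# Constructed sample, not bytes from Lab18-04.exe:
#   pushad; 4x nop; popad; jnz +8; mov eax,1; retn 0Ch; push 0x00401000; ret
SAMPLE_STUB = (
    b"\x60" + b"\x90" * 4
    + bytes.fromhex("61 75 08 B8 01 00 00 00 C2 0C 00")
    + b"\x68" + struct.pack("<I", 0x00401000)
    + b"\xC3"
)

if __name__ == "__main__":
    for popad_off, push_off, target in find_tail_jumps(SAMPLE_STUB):
        print(f"popad at +{popad_off:#x}, push at +{push_off:#x}, "
              f"candidate OEP {target:#010x}")
```

This is a plain byte scan without disassembly, so confirm every hit in the debugger. A packer may only write the push operand at run time, so scan bytes read at the breakpoint rather than the file on disk.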