@OALABS
OALabs | Unpacking VB6 Packers With IDA Pro and API Hooks (Re-Upload) @OALABS | Uploaded 6 years ago | Updated 3 hours ago
Open Analysis Live! We use the IDA Pro debugger and some API hooks to unpack a Visual Basic (VB6) packed sample and demonstrate a few tricks along the way. This is a re-uploaded classic from our old channel.

-----
OALABS DISCORD
discord.gg/6h5Bh5AMDU

OALABS PATREON
patreon.com/oalabs

OALABS TIP JAR
ko-fi.com/oalabs

OALABS GITHUB
github.com/OALabs

UNPACME - AUTOMATED MALWARE UNPACKING
unpac.me/#

-----

Go check out this fantastic blog post from @R3MRUM on unpacking VB5 packers; it's worth the click!
r3mrum.wordpress.com/2017/06/07/defeating-the-vb5-packer

This is also a great presentation (video) from Jurriaan Bremer & Marion Marschalek with some additional background on VB6:
youtube.com/watch?v=RiBdm668lAk

VB6 packed malware sample:
SHA256: fc4f695752f8eb20b17689e60a7161a43665fa3455dc379aeb2a251838eb4da6
malshare.com/sample.php?action=detail&hash=e5e8b3f740dc41ef00d397f46debc867

Unpacked payload (note that this is also packed; we don't demonstrate how to unpack it in the video):
SHA256: e5e463196d360df14b1bd6e8bc67836cc9d6a78a92d3ded67ca5713788643d22
malshare.com/sample.php?action=detail&hash=eebd3f633ea14a4144597bf496e45aeb

Feedback, questions, and suggestions are always welcome : )

Sergei twitter.com/herrcore
Sean twitter.com/seanmw

As always check out our tools, tutorials, and more content over at http://www.openanalysis.net