Packer Attacker: an automatic malware unpacking tool

The Packer Attacker is a generic hidden code extractor for Windows malware. It supports the following types of packers:

Running from heap
Replacing PE header
Injecting in a process
The Packer Attacker is based on Microsoft Detours.





Compile with Microsoft C++ 2010 and Detours library. You’ll have two files:

PackerAttackerHook.dll - unpacking engine
PackerAttacker.exe - DLL injector that executes malware and injects PackerAttackerHook.dll
Setting up
Create folder C:\dumps - all the extracted hidden code will be saved there
Put PackerAttacker.exe and PackerAttackerHook.dll in %PATH%
If it’s a clean machine, you’re going to need the MSVC++ redistributable


PackerAttacker.exe <malware.exe>

Currently only PE EXE files are supported.
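
An added example, not part of Packer Attacker or the original page: a Python script that inventories the dump folder after a run, recording a SHA-256 for each file and checking whether it carries a PE header or is raw code. It assumes nothing about how the tool names its dump files; `classify`, `triage` and `make_sample_pe` are names chosen here, and the sample bytes are constructed.

```python
import hashlib
import struct
import sys
import tempfile
from pathlib import Path

def classify(data: bytes) -> str:
    """Label a dump as a PE image or raw code by checking its headers."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return "raw"                      # no DOS header: treat as raw code
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 26 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return "mz-only"                  # DOS header without a valid PE signature
    (magic,) = struct.unpack_from("<H", data, e_lfanew + 24)
    return {0x10B: "pe32", 0x20B: "pe32+"}.get(magic, "pe-unknown")

def triage(dump_dir):
    """Return one record per file in dump_dir, sorted by file name."""
    records = []
    for path in sorted(Path(dump_dir).iterdir()):
        if path.is_file():
            data = path.read_bytes()
            records.append({"name": path.name, "size": len(data),
                            "sha256": hashlib.sha256(data).hexdigest(),
                            "kind": classify(data)})
    return records

def make_sample_pe() -> bytes:
    """Constructed sample: the smallest header layout classify() accepts as PE32."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)       # e_lfanew: PE header at 0x40
    return bytes(dos) + b"PE\0\0" + bytes(20) + struct.pack("<H", 0x10B)

if __name__ == "__main__":
    # Assumption: dumps are in C:\dumps as set up above; pass a path to override.
    target = Path(sys.argv[1] if len(sys.argv) > 1 else r"C:\dumps")
    if not target.is_dir():               # offline demo on constructed samples
        target = Path(tempfile.mkdtemp())
        (target / "sample_pe.bin").write_bytes(make_sample_pe())
        (target / "sample_raw.bin").write_bytes(b"\x90" * 16)
    for rec in triage(target):
        print(f'{rec["sha256"]}  {rec["kind"]:<10} {rec["size"]:>9}  {rec["name"]}')
```

Run it inside the analysis machine and keep the hashes with your notes so each dump can be matched to the sample that produced it.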





Enter the result in the field below (for concatenation and the report at the end).

Analyze the result and question it. Also note any remarks on the result if it seems odd,

and move on to the next phase.
