Packerattacker outil d'unpacking automatique de malware
https://github.com/BromiumLabs/PackerAttacker
Description
The Packer Attacker is a generic hidden code extractor for Windows malware. It supports the following types of pacers:
Running from heap
Replaceing PE header
Injecting in a process
The Packer Attacker is based on Microsoft Detours.
Une question? Posez-la ici
Compilation
Compile with Microsoft C++ 2010 and Detours library. You’ll have two files:
PackerAttackerHook.dll - unpacking engine
PackerAttacker.exe - DLL injector that executes malware and injects PackerAttackerHook.dll
Setting up
Create folder C:\dumps - all the extracted hidden code will be saved there
Put PackerAttacker.exe and PackerAttackerHook.dll to %PATH%
If it’s a clean machine you’re going to need MSVC++ redistributable
Une question? Posez-la ici
Usage
PackerAttacker.exe <malware.exe>
Misc
Currently only PE EXE files are supported.
Une question? Posez-la ici