Unpacking NakedPacker

NakedPacker is somewhat commonly seen in malware. Though it's only a compressor, I guess the name and the easy GUI make the teenage mutant wannabe-ninja herders come flocking to it.

Not to make this any longer, here is a screenshot of the code at entrypoint:

[Screenshot: NakedPacker EP]

Set a breakpoint on the JMP instruction near the bottom (see the comment in the screenshot), run to it, single-step once and dump the sucker.

That's the manual unpacking of NakedPacker in all its grandeur.
