Back to list
Nov 28 2005 06:00AM
vulnerabilty gmail com
Re: Binary analysis
Nov 28 2005 02:17PM
Pedro Hugo (phugo highspeedweb net)
> i am reverse engineering a binary compressed by
> PEcompact2. but after decompressing with all available decompresser. i
> am not able to decompress it. i executed the exe and seeing process
> memory i found that it is worm SDBot. does anyone know how to go for it.
Were you able to unpack it or not ?
To unpack PeCompact2, there are some nice scripts for OllyDBG.
Openrce.org has links for them, if I'm not mistaken.
After you unpack the binary, you can disassemble it with IDA, W32Dasm or
some other disassembler.
Or, you can use OllyDBG to analyse and debug it, but remember, you are
running the exe, so the machine will get infected (it's a test machine
[ reply ]
Copyright 2010, SecurityFocus