Submit Search
Upload
PE Packers Used in Malicious Software - Part 1
•
13 likes
•
5,630 views
A
amiable_indian
Follow
PE Packers Used in Malicious Software - Paul Craig
Read less
Read more
Technology
Entertainment & Humor
Report
Share
Report
Share
1 of 39
Recommended
PE File Format
PE File Format
n|u - The Open Security Community
9: OllyDbg
9: OllyDbg
Sam Bowne
Practical Malware Analysis: Ch 0: Malware Analysis Primer & 1: Basic Static T...
Practical Malware Analysis: Ch 0: Malware Analysis Primer & 1: Basic Static T...
Sam Bowne
Exploring the Portable Executable format
Exploring the Portable Executable format
Ange Albertini
CNIT 126 4: A Crash Course in x86 Disassembly
CNIT 126 4: A Crash Course in x86 Disassembly
Sam Bowne
Introduction to Malware Analysis
Introduction to Malware Analysis
Andrew McNicol
Anti Debugging
Anti Debugging
n|u - The Open Security Community
CNIT 126: 10: Kernel Debugging with WinDbg
CNIT 126: 10: Kernel Debugging with WinDbg
Sam Bowne
Recommended
PE File Format
PE File Format
n|u - The Open Security Community
9: OllyDbg
9: OllyDbg
Sam Bowne
Practical Malware Analysis: Ch 0: Malware Analysis Primer & 1: Basic Static T...
Practical Malware Analysis: Ch 0: Malware Analysis Primer & 1: Basic Static T...
Sam Bowne
Exploring the Portable Executable format
Exploring the Portable Executable format
Ange Albertini
CNIT 126 4: A Crash Course in x86 Disassembly
CNIT 126 4: A Crash Course in x86 Disassembly
Sam Bowne
Introduction to Malware Analysis
Introduction to Malware Analysis
Andrew McNicol
Anti Debugging
Anti Debugging
n|u - The Open Security Community
CNIT 126: 10: Kernel Debugging with WinDbg
CNIT 126: 10: Kernel Debugging with WinDbg
Sam Bowne
Practical Malware Analysis: Ch 11: Malware Behavior
Practical Malware Analysis: Ch 11: Malware Behavior
Sam Bowne
Malware analysis
Malware analysis
Prakashchand Suthar
malware analysis
malware analysis
20CS201AkashR
Malware Static Analysis
Malware Static Analysis
Hossein Yavari
CNIT 126 2: Malware Analysis in Virtual Machines & 3: Basic Dynamic Analysis
CNIT 126 2: Malware Analysis in Virtual Machines & 3: Basic Dynamic Analysis
Sam Bowne
Practical Malware Analysis Ch13
Practical Malware Analysis Ch13
Sam Bowne
Web Application Security
Web Application Security
Abdul Wahid
OWASP Top 10 2021 What's New
OWASP Top 10 2021 What's New
Michael Furman
Bypass_AV-EDR.pdf
Bypass_AV-EDR.pdf
Farouk2nd
Hacking and Defending APIs - Red and Blue make Purple.pdf
Hacking and Defending APIs - Red and Blue make Purple.pdf
Matt Tesauro
Practical Malware Analysis: Ch 15: Anti-Disassembly
Practical Malware Analysis: Ch 15: Anti-Disassembly
Sam Bowne
Frans Rosén Keynote at BSides Ahmedabad
Frans Rosén Keynote at BSides Ahmedabad
Security BSides Ahmedabad
Secure Coding 101 - OWASP University of Ottawa Workshop
Secure Coding 101 - OWASP University of Ottawa Workshop
Paul Ionescu
Social Engineering the Windows Kernel by James Forshaw
Social Engineering the Windows Kernel by James Forshaw
Shakacon
CNIT 123 8: Desktop and Server OS Vulnerabilities
CNIT 123 8: Desktop and Server OS Vulnerabilities
Sam Bowne
Basic Dynamic Analysis of Malware
Basic Dynamic Analysis of Malware
Natraj G
System Event Logs
System Event Logs
primeteacher32
iOS Application Pentesting
iOS Application Pentesting
n|u - The Open Security Community
Secure Coding principles by example: Build Security In from the start - Carlo...
Secure Coding principles by example: Build Security In from the start - Carlo...
Codemotion
Time based CAPTCHA protected SQL injection through SOAP-webservice
Time based CAPTCHA protected SQL injection through SOAP-webservice
Frans Rosén
PE File Format and Packer - Inc0gnito 2016
PE File Format and Packer - Inc0gnito 2016
Hajin Jang
PE Packers Used in Malicious Software - Part 2
PE Packers Used in Malicious Software - Part 2
amiable_indian
More Related Content
What's hot
Practical Malware Analysis: Ch 11: Malware Behavior
Practical Malware Analysis: Ch 11: Malware Behavior
Sam Bowne
Malware analysis
Malware analysis
Prakashchand Suthar
malware analysis
malware analysis
20CS201AkashR
Malware Static Analysis
Malware Static Analysis
Hossein Yavari
CNIT 126 2: Malware Analysis in Virtual Machines & 3: Basic Dynamic Analysis
CNIT 126 2: Malware Analysis in Virtual Machines & 3: Basic Dynamic Analysis
Sam Bowne
Practical Malware Analysis Ch13
Practical Malware Analysis Ch13
Sam Bowne
Web Application Security
Web Application Security
Abdul Wahid
OWASP Top 10 2021 What's New
OWASP Top 10 2021 What's New
Michael Furman
Bypass_AV-EDR.pdf
Bypass_AV-EDR.pdf
Farouk2nd
Hacking and Defending APIs - Red and Blue make Purple.pdf
Hacking and Defending APIs - Red and Blue make Purple.pdf
Matt Tesauro
Practical Malware Analysis: Ch 15: Anti-Disassembly
Practical Malware Analysis: Ch 15: Anti-Disassembly
Sam Bowne
Frans Rosén Keynote at BSides Ahmedabad
Frans Rosén Keynote at BSides Ahmedabad
Security BSides Ahmedabad
Secure Coding 101 - OWASP University of Ottawa Workshop
Secure Coding 101 - OWASP University of Ottawa Workshop
Paul Ionescu
Social Engineering the Windows Kernel by James Forshaw
Social Engineering the Windows Kernel by James Forshaw
Shakacon
CNIT 123 8: Desktop and Server OS Vulnerabilities
CNIT 123 8: Desktop and Server OS Vulnerabilities
Sam Bowne
Basic Dynamic Analysis of Malware
Basic Dynamic Analysis of Malware
Natraj G
System Event Logs
System Event Logs
primeteacher32
iOS Application Pentesting
iOS Application Pentesting
n|u - The Open Security Community
Secure Coding principles by example: Build Security In from the start - Carlo...
Secure Coding principles by example: Build Security In from the start - Carlo...
Codemotion
Time based CAPTCHA protected SQL injection through SOAP-webservice
Time based CAPTCHA protected SQL injection through SOAP-webservice
Frans Rosén
What's hot
(20)
Practical Malware Analysis: Ch 11: Malware Behavior
Practical Malware Analysis: Ch 11: Malware Behavior
Malware analysis
Malware analysis
malware analysis
malware analysis
Malware Static Analysis
Malware Static Analysis
CNIT 126 2: Malware Analysis in Virtual Machines & 3: Basic Dynamic Analysis
CNIT 126 2: Malware Analysis in Virtual Machines & 3: Basic Dynamic Analysis
Practical Malware Analysis Ch13
Practical Malware Analysis Ch13
Web Application Security
Web Application Security
OWASP Top 10 2021 What's New
OWASP Top 10 2021 What's New
Bypass_AV-EDR.pdf
Bypass_AV-EDR.pdf
Hacking and Defending APIs - Red and Blue make Purple.pdf
Hacking and Defending APIs - Red and Blue make Purple.pdf
Practical Malware Analysis: Ch 15: Anti-Disassembly
Practical Malware Analysis: Ch 15: Anti-Disassembly
Frans Rosén Keynote at BSides Ahmedabad
Frans Rosén Keynote at BSides Ahmedabad
Secure Coding 101 - OWASP University of Ottawa Workshop
Secure Coding 101 - OWASP University of Ottawa Workshop
Social Engineering the Windows Kernel by James Forshaw
Social Engineering the Windows Kernel by James Forshaw
CNIT 123 8: Desktop and Server OS Vulnerabilities
CNIT 123 8: Desktop and Server OS Vulnerabilities
Basic Dynamic Analysis of Malware
Basic Dynamic Analysis of Malware
System Event Logs
System Event Logs
iOS Application Pentesting
iOS Application Pentesting
Secure Coding principles by example: Build Security In from the start - Carlo...
Secure Coding principles by example: Build Security In from the start - Carlo...
Time based CAPTCHA protected SQL injection through SOAP-webservice
Time based CAPTCHA protected SQL injection through SOAP-webservice
Viewers also liked
PE File Format and Packer - Inc0gnito 2016
PE File Format and Packer - Inc0gnito 2016
Hajin Jang
PE Packers Used in Malicious Software - Part 2
PE Packers Used in Malicious Software - Part 2
amiable_indian
the PE format 2011/01/17
the PE format 2011/01/17
Ange Albertini
Protection
Protection
Sanjay Sharma
PE102 - a Windows executable format overview (booklet V1)
PE102 - a Windows executable format overview (booklet V1)
Ange Albertini
Pe Format
Pe Format
Hexxx
PE Trojan Detection Based on the Assessment of Static File Features
PE Trojan Detection Based on the Assessment of Static File Features
Antiy Labs
Fortinet av
Fortinet av
Lan & Wan Solutions
Reversing & malware analysis training part 3 windows pe file format basics
Reversing & malware analysis training part 3 windows pe file format basics
securityxploded
Primer on password security
Primer on password security
securityxploded
Lecture 12 malicious software
Lecture 12 malicious software
rajakhurram
Viewers also liked
(11)
PE File Format and Packer - Inc0gnito 2016
PE File Format and Packer - Inc0gnito 2016
PE Packers Used in Malicious Software - Part 2
PE Packers Used in Malicious Software - Part 2
the PE format 2011/01/17
the PE format 2011/01/17
Protection
Protection
PE102 - a Windows executable format overview (booklet V1)
PE102 - a Windows executable format overview (booklet V1)
Pe Format
Pe Format
PE Trojan Detection Based on the Assessment of Static File Features
PE Trojan Detection Based on the Assessment of Static File Features
Fortinet av
Fortinet av
Reversing & malware analysis training part 3 windows pe file format basics
Reversing & malware analysis training part 3 windows pe file format basics
Primer on password security
Primer on password security
Lecture 12 malicious software
Lecture 12 malicious software
Similar to PE Packers Used in Malicious Software - Part 1
Infragard Sept08
Infragard Sept08
Brian Tanner
Bypassing anti virus scanners
Bypassing anti virus scanners
martacax
Writing a Simple OS for Fun
Writing a Simple OS for Fun
Sayeed Mahmud
Post exploitation techniques on OSX and Iphone, EuSecWest 2009
Post exploitation techniques on OSX and Iphone, EuSecWest 2009
Vincenzo Iozzo
Bypassing anti virus scanners
Bypassing anti virus scanners
martacax
PuppetConf 2017: Puppet Tasks: Taming ssh in a "for" loop- Alex Dreyer, Puppet
PuppetConf 2017: Puppet Tasks: Taming ssh in a "for" loop- Alex Dreyer, Puppet
Puppet
Reversingobfuscatedpythonapplications dropbox-140819110311-phpapp01
Reversingobfuscatedpythonapplications dropbox-140819110311-phpapp01
Wajhi Ul Hassan Naqvi
Reversing the dropbox client on windows
Reversing the dropbox client on windows
extremecoders
Big Java Chapter 1
Big Java Chapter 1
Maria Joslin
Making%20R%20Packages%20Under%20Windows
Making%20R%20Packages%20Under%20Windows
tutorialsruby
Making%20R%20Packages%20Under%20Windows
Making%20R%20Packages%20Under%20Windows
tutorialsruby
Large Scale Indexing
Large Scale Indexing
Sease
YAPC::NA 2007 - Epic Perl Coding
YAPC::NA 2007 - Epic Perl Coding
joshua.mcadams
CyberLink LabelPrint 2.5 Exploitation Process
CyberLink LabelPrint 2.5 Exploitation Process
Thomas Gregory
Data analysis with pandas
Data analysis with pandas
Outreach Digital
Data Analysis With Pandas
Data Analysis With Pandas
Stephan Solomonidis
CHAPTER 2 BASIC ANALYSIS.ppt
CHAPTER 2 BASIC ANALYSIS.ppt
ManjuAppukuttan2
Pandas tool for data scientist
Pandas tool for data scientist
MoTechInc
2600 av evasion_deuce
2600 av evasion_deuce
Db Cooper
Joxean Koret - Database Security Paradise [Rooted CON 2011]
Joxean Koret - Database Security Paradise [Rooted CON 2011]
RootedCON
Similar to PE Packers Used in Malicious Software - Part 1
(20)
Infragard Sept08
Infragard Sept08
Bypassing anti virus scanners
Bypassing anti virus scanners
Writing a Simple OS for Fun
Writing a Simple OS for Fun
Post exploitation techniques on OSX and Iphone, EuSecWest 2009
Post exploitation techniques on OSX and Iphone, EuSecWest 2009
Bypassing anti virus scanners
Bypassing anti virus scanners
PuppetConf 2017: Puppet Tasks: Taming ssh in a "for" loop- Alex Dreyer, Puppet
PuppetConf 2017: Puppet Tasks: Taming ssh in a "for" loop- Alex Dreyer, Puppet
Reversingobfuscatedpythonapplications dropbox-140819110311-phpapp01
Reversingobfuscatedpythonapplications dropbox-140819110311-phpapp01
Reversing the dropbox client on windows
Reversing the dropbox client on windows
Big Java Chapter 1
Big Java Chapter 1
Making%20R%20Packages%20Under%20Windows
Making%20R%20Packages%20Under%20Windows
Making%20R%20Packages%20Under%20Windows
Making%20R%20Packages%20Under%20Windows
Large Scale Indexing
Large Scale Indexing
YAPC::NA 2007 - Epic Perl Coding
YAPC::NA 2007 - Epic Perl Coding
CyberLink LabelPrint 2.5 Exploitation Process
CyberLink LabelPrint 2.5 Exploitation Process
Data analysis with pandas
Data analysis with pandas
Data Analysis With Pandas
Data Analysis With Pandas
CHAPTER 2 BASIC ANALYSIS.ppt
CHAPTER 2 BASIC ANALYSIS.ppt
Pandas tool for data scientist
Pandas tool for data scientist
2600 av evasion_deuce
2600 av evasion_deuce
Joxean Koret - Database Security Paradise [Rooted CON 2011]
Joxean Koret - Database Security Paradise [Rooted CON 2011]
More from amiable_indian
Phishing As Tragedy of the Commons
Phishing As Tragedy of the Commons
amiable_indian
Cisco IOS Attack & Defense - The State of the Art
Cisco IOS Attack & Defense - The State of the Art
amiable_indian
Secrets of Top Pentesters
Secrets of Top Pentesters
amiable_indian
Workshop on Wireless Security
Workshop on Wireless Security
amiable_indian
Insecure Implementation of Security Best Practices: of hashing, CAPTCHA's and...
Insecure Implementation of Security Best Practices: of hashing, CAPTCHA's and...
amiable_indian
Workshop on BackTrack live CD
Workshop on BackTrack live CD
amiable_indian
Reverse Engineering for exploit writers
Reverse Engineering for exploit writers
amiable_indian
State of Cyber Law in India
State of Cyber Law in India
amiable_indian
AntiSpam - Understanding the good, the bad and the ugly
AntiSpam - Understanding the good, the bad and the ugly
amiable_indian
Reverse Engineering v/s Secure Coding
Reverse Engineering v/s Secure Coding
amiable_indian
Network Vulnerability Assessments: Lessons Learned
Network Vulnerability Assessments: Lessons Learned
amiable_indian
Economic offenses through Credit Card Frauds Dissected
Economic offenses through Credit Card Frauds Dissected
amiable_indian
Immune IT: Moving from Security to Immunity
Immune IT: Moving from Security to Immunity
amiable_indian
Reverse Engineering for exploit writers
Reverse Engineering for exploit writers
amiable_indian
Hacking Client Side Insecurities
Hacking Client Side Insecurities
amiable_indian
Web Exploit Finder Presentation
Web Exploit Finder Presentation
amiable_indian
Network Security Data Visualization
Network Security Data Visualization
amiable_indian
Enhancing Computer Security via End-to-End Communication Visualization
Enhancing Computer Security via End-to-End Communication Visualization
amiable_indian
Top Network Vulnerabilities Over Time
Top Network Vulnerabilities Over Time
amiable_indian
What are the Business Security Metrics?
What are the Business Security Metrics?
amiable_indian
More from amiable_indian
(20)
Phishing As Tragedy of the Commons
Phishing As Tragedy of the Commons
Cisco IOS Attack & Defense - The State of the Art
Cisco IOS Attack & Defense - The State of the Art
Secrets of Top Pentesters
Secrets of Top Pentesters
Workshop on Wireless Security
Workshop on Wireless Security
Insecure Implementation of Security Best Practices: of hashing, CAPTCHA's and...
Insecure Implementation of Security Best Practices: of hashing, CAPTCHA's and...
Workshop on BackTrack live CD
Workshop on BackTrack live CD
Reverse Engineering for exploit writers
Reverse Engineering for exploit writers
State of Cyber Law in India
State of Cyber Law in India
AntiSpam - Understanding the good, the bad and the ugly
AntiSpam - Understanding the good, the bad and the ugly
Reverse Engineering v/s Secure Coding
Reverse Engineering v/s Secure Coding
Network Vulnerability Assessments: Lessons Learned
Network Vulnerability Assessments: Lessons Learned
Economic offenses through Credit Card Frauds Dissected
Economic offenses through Credit Card Frauds Dissected
Immune IT: Moving from Security to Immunity
Immune IT: Moving from Security to Immunity
Reverse Engineering for exploit writers
Reverse Engineering for exploit writers
Hacking Client Side Insecurities
Hacking Client Side Insecurities
Web Exploit Finder Presentation
Web Exploit Finder Presentation
Network Security Data Visualization
Network Security Data Visualization
Enhancing Computer Security via End-to-End Communication Visualization
Enhancing Computer Security via End-to-End Communication Visualization
Top Network Vulnerabilities Over Time
Top Network Vulnerabilities Over Time
What are the Business Security Metrics?
What are the Business Security Metrics?
Recently uploaded
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
apidays
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
Malak Abu Hammad
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
RTylerCroy
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
UK Journal
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
Pixlogix Infotech
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
vu2urc
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
HampshireHUG
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
naman860154
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
The Digital Insurer
Slack Application Development 101 Slides
Slack Application Development 101 Slides
praypatel2
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
Khem
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
Maria Levchenko
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
Delhi Call girls
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
The Digital Insurer
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
Safe Software
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
Radu Cotescu
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
Gabriella Davis
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Miguel Araújo
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
Antenna Manufacturer Coco
Recently uploaded
(20)
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
Slack Application Development 101 Slides
Slack Application Development 101 Slides
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
PE Packers Used in Malicious Software - Part 1
1.
2.
3.
Refresher #1 -
PE-COFF: The Windows Executable Format. Section-By-Section
4.
5.
6.
7.
8.
Refresher #2 -
The Who, How, What, Why of Windows Import Address Tables
9.
10.
11.
12.
13.
14.
15.
16.
17.
DOS – MZ
header
18.
PE header
19.
Windows reads section
table
20.
Memory allocated for
executable
21.
Disk image copied
to memory
22.
Windows populates IAT
of PE packer
23.
.UNPACKER section starts
executing
24.
.UNPACKER unpacks .PACKED-DATA
into memory
25.
Unpacked, it is
now larger in memory
26.
PE Packer populates
Import Table
27.
Reset stack registers
28.
Jump to Original
Entry Point (OEP)
29.
And it runs!
30.
31.
32.
33.
34.
35.
36.
37.
38.
39.