Gone in (5x) Sixty Seconds – Robert Neumann


As the number of packed malware samples increases daily, it is more and more important to be able to process them as quickly as possible. The tools are out there for the task, but often it’s a tough decision what to use and how to use it. In this presentation, I will cover the basic principles of unpacking a known or yet unknown packed malware sample. The goal is to demonstrate that – almost – everything (be it as simple as Upack or as complicated as Themida) can be unpacked in 5 minutes if we choose the right approach.


Virusbuster Ltd
