As the number of packed malware samples is increasing daily, it is more and more important for one to be able to process them as quickly as possible. The tools are out there for the task, but often it’s a tough decision what to use and how to use it. In this presentation, I will cover the basic principles of unpacking a known or as yet unknown packed malware sample. The goal is to demonstrate that – almost – everything (be it as simple as Upack or as complicated as Themida) can be unpacked in 5 minutes if we choose the right approach.
Hump-and-dump: efficient generic unpacking using an ordered address execution histogram,
Li Sun, RMIT University, Australia and Tim Ebringer, Witham Laboratories, Australia