Категории

Unpacking GlobeImposter Ransomware With x32dbg

Опубликовано: 11 Декабрь 2017
на канале: OALabs
15,799
316

Open Analysis Live! In this tutorial we unpack a new version of GlobeImposter ransomeware using the X32bg / X64dbg debugger.

-----
OALABS DISCORD
  / discord  

OALABS PATREON
  / oalabs  

OALABS TIP JAR
https://ko-fi.com/oalabs

OALABS GITHUB
https://github.com/OALabs

UNPACME - AUTOMATED MALWARE UNPACKING
https://www.unpac.me/#/

-----

Original packed sample:
https://malshare.com/sample.php?actio...

Malware Traffic Analysis sample:
http://www.malware-traffic-analysis.n...

The x64bdg debugger:
https://x64dbg.com/#start

The unpacked sample:
https://malshare.com/sample.php?actio...

OAPivot the chrome plugin for IOC searching:
https://chrome.google.com/webstore/de...

Great blog on unpacking an earlier version of GlobeImposter:
http://www.vkremez.com/2017/08/lets-l...

Video explaining some anti-debugging tricks:
   • How To Defeat Anti-VM and Anti-Debug ...  

Anti-debugging cheat sheet (PDF):
http://anti-reversing.com/Downloads/A...

*Special hat-tip to Alex for recommending x64dbg and showing me some tricks:   / nullandnull  

Feedback, questions, and suggestions are always welcome : )

Sergei   / herrcore  
Sean   / seanmw  

As always check out our tools, tutorials, and more content over at http://www.openanalysis.net

Смотрите видео Unpacking GlobeImposter Ransomware With x32dbg онлайн без регистрации, длительностью часов минут секунд в хорошем качестве. Это видео добавил пользователь OALabs 11 Декабрь 2017, не забудьте поделиться им ссылкой с друзьями и знакомыми, на нашем сайте его посмотрели 15,799 раз и оно понравилось 316 людям.

play_arrow
2,804
28

Tom & Jerry selfie in green screen

Tom & Jerry selfie in green screen
play_arrow
11,223
24

Vintage Teletronix LA-2A at Gearlicious

Vintage Teletronix LA-2A at Gearlicious
play_arrow
1,308
46

Universal Audio LA-2A

Universal Audio LA-2A
play_arrow
5,450
26

How To Fix Your Widgy Widget Not Loading Using Tap Actions!

How To Fix Your Widgy Widget Not Loading Using Tap Actions!
play_arrow
90,781
1.3 тыс

Velhas Virgens - Esse Seu Buraquinho [Ao Vivo]

Velhas Virgens - Esse Seu Buraquinho [Ao Vivo]
play_arrow
7,759
209

Leetcode - 340 : Longest Substring with At Most K Distinct Characters | Solution Explained | Java

Leetcode - 340 : Longest Substring with At Most K Distinct Characters | Solution Explained | Java
play_arrow
10,810
937

Можно ли принимать лекарство много лет.

Можно ли принимать лекарство много лет.
play_arrow
13
8

how to change WhatsApp profile photo।। WhatsApp profile picture kaise change Karen।। Abhishek।।

how to change WhatsApp profile photo।। WhatsApp profile picture kaise change Karen।। Abhishek।।
Похожие видео
play_arrow
Zombieware

Zombieware
play_arrow
Introduction to YARA Part 2 - Hunting on UnpacMe

Introduction to YARA Part 2 - Hunting on UnpacMe
play_arrow
Introduction to YARA Part 3 - Rule Use Cases

Introduction to YARA Part 3 - Rule Use Cases
play_arrow
Introduction to YARA Part 4 - Efficient Rule Development

Introduction to YARA Part 4 - Efficient Rule Development
play_arrow
Introduction to YARA Part 1 - What is a YARA Rule

Introduction to YARA Part 1 - What is a YARA Rule
play_arrow
Tips For Analyzing Delphi Binaries in IDA (Danabot)

Tips For Analyzing Delphi Binaries in IDA (Danabot)
play_arrow
How To Recognize Macro Encrypted Strings in Malware

How To Recognize Macro Encrypted Strings in Malware
play_arrow
Direct vs. Indirect Syscalls What Is All The HYPE?! [OALABS Call-In Show]

Direct vs. Indirect Syscalls What Is All The HYPE?! [OALABS Call-In Show]
play_arrow
Are Red Team Tools Helping or Hurting Our Industry? [OALABS Call-In Show]

Are Red Team Tools Helping or Hurting Our Industry? [OALABS Call-In Show]
play_arrow
Reverse Engineering With Unicorn Emulation

Reverse Engineering With Unicorn Emulation
play_arrow
Emulation Fundamentals - Writing A Basic x86 Emulator

Emulation Fundamentals - Writing A Basic x86 Emulator
play_arrow
AV Emulation Detection Tricks Used by Malware

AV Emulation Detection Tricks Used by Malware
play_arrow
Tips to Learn Reverse Engineering: Avoid These Common Pitfalls!

Tips to Learn Reverse Engineering: Avoid These Common Pitfalls!
play_arrow
Understanding The PEB for Reverse Engineers

Understanding The PEB for Reverse Engineers
play_arrow
Well it finally happened... infected myself with Emotet lel

Well it finally happened... infected myself with Emotet lel
play_arrow
ESXiArgs Ransomware Analysis with @fwosar

ESXiArgs Ransomware Analysis with @fwosar
play_arrow
Do Companies Actually Pay Ransomware [ Reverse Engineering AMA ]

Do Companies Actually Pay Ransomware [ Reverse Engineering AMA ]
play_arrow
What The Security Industry Should Know About Reverse Engineering [ Reverse Engineering AMA ]

What The Security Industry Should Know About Reverse Engineering [ Reverse Engineering AMA ]
play_arrow
What is The Future of Reverse Engineering [ Reverse Engineering AMA ]

What is The Future of Reverse Engineering [ Reverse Engineering AMA ]
play_arrow
One Trick To Level Up Your Reverse Engineering [ Reverse Engineering AMA ]

One Trick To Level Up Your Reverse Engineering [ Reverse Engineering AMA ]
play_arrow
How To Identify Unknown Crypto Functions [ Reverse Engineering AMA ]

How To Identify Unknown Crypto Functions [ Reverse Engineering AMA ]
play_arrow
Tips For Writing a .NET Static Config Extractor for Malware [ Reverse Engineering AMA ]

Tips For Writing a .NET Static Config Extractor for Malware [ Reverse Engineering AMA ]
play_arrow
What Is The Most Interesting Malware From 2022 [ Reverse Engineering AMA ]

What Is The Most Interesting Malware From 2022 [ Reverse Engineering AMA ]
play_arrow
Most Embarrassing Malware You Have Analyzed [ Reverse Engineering AMA ]

Most Embarrassing Malware You Have Analyzed [ Reverse Engineering AMA ]