Malware Analysis - Unpacking AutoIt stub with large obfuscated script
We look at two ways to unpack malware that was crypted with an AutoIt packer.
At first we trick our way to the payload, skipping the AutoIt script altogether.
At the second run we thoroughly analyse the packer stub, decrypt strings, unpack the shellcode and find the decryption function in it.
Malware Analysis course:
sample:
binary refinery:
autoit-ripper:
Follow me on Twitter:
00:00 Intro
00:25 Triage
03:38 Way 1: Unpacking by guessing
10:10 Way 2: Finding the code in large scripts
12:22 String decryption
29:51 Shellcode decryption
32:19 Shellcode analysis
34:32 Config extraction
37:31 3 lessons we learned
1 month ago 00:09:02 1
1 month ago 00:41:39 1
2 months ago 00:31:23 1
2 months ago 00:08:27 1
3 months ago 00:08:01 1
3 months ago 02:27:57 1
4 months ago 00:06:50 1
5 months ago 00:28:31 1
5 months ago 00:31:10 1
5 months ago 00:32:12 1
5 months ago 00:20:53 1
5 months ago 00:57:39 1
7 months ago 00:08:03 1
8 months ago 00:15:34 1
8 months ago 00:08:28 3
8 months ago 00:08:32 5
8 months ago 00:01:15 1
9 months ago 00:39:13 1
9 months ago 00:05:30 1
9 months ago 00:34:03 1
10 months ago 00:13:11 1
10 months ago 00:40:05 1
10 months ago 00:27:09 1
10 months ago 02:09:07 8
