Manual Unpacking of Malware Samples

This article presents information on manual unpacking of protected malicious Windows executables using the OllyDbg debugger. It also involve in fully rebuild the import table so the file can be restored to its original state and executed. Many anti-virus vendors are categorized UPX, NsPack, ASpack and many other PE packers as malicious software.
UPX, NsPack, ASpack are the most common packers, here I will concentrate more in NSpack 3.7. For this analysis we need good knowledge on few topics: PE file format, Basic on Win32 API and few tools are required like OllyDebug 1.10 , OllyScript Plug-in, OllyDump plug-in, Import ReConstructor.

Analysis of Trojan SilentBanker

SilentBanker is one of the serious threats as most of the banking Trojan does. It uses many variety of techniques such as HTML injection and replacement, cookie stealing, certification stealing. This provides the capabilities of SilentBanker. It also present details on how to detect the Trojan on an infected system. This provides an in depth analysis of Trojan SilentBanker by taking a one of the sample (sdra64.exe) of it. This explains the SilentBanker functionally, characteristic, method of infection and detection, and removal. This also describes the Trojan SilentBanker, the resources and environment used for analysis, the method and techniques used for total reverse engineer and some of the analysis troubles found and their solutions. It also presents some best practices to use while reverse code engineering (Behavioral Analysis). This Trojan is an executable program unlike viruses, Trojans do not replicate itself. They are distributing manually, frequently under the principle that attackers are beneficial or wanted. The execution of these Trojan results in system or security exploitation, and unsuspecting user executes the program with their knowledge. Channel which they spread includes email, malicious or hacked web sites, peer to peer networks, Internet Relay Chat (IRC), and many more.