PE Packers Used in Malicious Software - Part 1
amiable_indian
PE Packers Used in Malicious Software - Paul Craig
PE Packers Used in Malicious Software - Part 1
Slide outline (slides that carry only images are omitted):

3. Refresher #1 - PE-COFF: The Windows Executable Format, Section-By-Section
8. Refresher #2 - The Who, How, What, Why of Windows Import Address Tables
17. DOS – MZ header
18. PE header
19. Windows reads section table
20. Memory allocated for executable
21. Disk image copied to memory
22. Windows populates IAT of PE packer
23. .UNPACKER section starts executing
24. .UNPACKER unpacks .PACKED-DATA into memory
25. Unpacked, it is now larger in memory
26. PE Packer populates Import Table
27. Reset stack registers
28. Jump to Original Entry Point (OEP)
29. And it runs!
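As an added example (not code from Paul Craig's deck), the check below walks the headers in the order the loader does in slides 17-19 (MZ header, PE header, section table) and reports the static traces a packer leaves on disk before the .UNPACKER stub runs: an entry point outside the first section, a high-entropy payload section, and a section whose virtual size far exceeds its raw size, the room reserved for the unpacked image of slide 25. The PE image it inspects is constructed inline by build_pe; the section names, the 7-bit entropy threshold and the 2x size ratio are assumptions, and the output is a triage hint, not a verdict.

```python
import math
import struct
from collections import Counter
SECTION_HDR = struct.Struct("<8sIIIIIIHHI")  # IMAGE_SECTION_HEADER, 40 bytes

def build_pe(sections, entry_rva):
    """Constructed sample image (not a real binary): MZ stub, PE/COFF header, PE32
    optional header and section table padded to 0x200, then the raw section data.
    sections = [(name, rva, raw_bytes, characteristics, virtual_size)]."""
    table, body = b"", b""
    for name, rva, raw, chars, vsize in sections:
        table += SECTION_HDR.pack(name.ljust(8, b"\0"), vsize, rva, len(raw),
                                  0x200 + len(body), 0, 0, 0, 0, chars)
        body += raw
    mz = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)  # e_lfanew -> PE header at 0x40
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0xE0, 0x102)
    opt = struct.pack("<HBBIIII", 0x10B, 0, 0, 0, 0, 0, entry_rva).ljust(0xE0, b"\0")
    return (mz + coff + opt + table).ljust(0x200, b"\0") + body

def parse_pe(data):
    """Walk the headers in loader order (slides 17-19): MZ -> PE -> section table."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff, opt, sections = e_lfanew + 4, e_lfanew + 24, []
    nsec, opt_size = struct.unpack_from("<H12xH", data, coff + 2)  # NumberOfSections, SizeOfOptionalHeader
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]  # AddressOfEntryPoint
    for i in range(nsec):
        name, vsize, va, rawsize, rawptr, *_, chars = SECTION_HDR.unpack_from(data, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"), "va": va,
                         "vsize": vsize, "raw": data[rawptr:rawptr + rawsize], "chars": chars})
    return {"entry_rva": entry_rva, "sections": sections}

def entropy(buf):
    """Shannon entropy in bits per byte; compressed or encrypted payloads sit near 8."""
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in Counter(buf).values()) if n else 0.0

def packer_indicators(pe):
    """Static hints that the on-disk image is a stub plus opaque payload, i.e. the
    state before .UNPACKER runs. Heuristics only: legitimate protectors trip them too."""
    hints, secs, ep = [], pe["sections"], pe["entry_rva"]
    ep_sec = next((s for s in secs if s["va"] <= ep < s["va"] + max(s["vsize"], len(s["raw"]))), None)
    if ep_sec is None or ep_sec is not secs[0]:
        hints.append("entry point is not in the first section (stub appended by a packer?)")
    for s in secs:
        h = entropy(s["raw"])
        if h > 7.0:
            hints.append(f"high-entropy section {s['name']} ({h:.2f} bits/byte)")
        if s["vsize"] > 2 * len(s["raw"]):  # space reserved for the unpacked image (slide 25)
            hints.append(f"{s['name']} grows in memory ({len(s['raw'])} -> {s['vsize']} bytes)")
    return hints

def sample_packed():
    """Layout a packer leaves: empty region for the unpacked code, opaque payload, stub last."""
    return build_pe([(b".empty", 0x1000, b"", 0xE0000080, 0x8000),
                     (b".packed", 0x9000, bytes(range(256)) * 4, 0xC0000040, 0x400),
                     (b".unpackr", 0xA000, b"\x90" * 64, 0xE0000020, 0x40)], entry_rva=0xA000)
```

Run packer_indicators(parse_pe(sample_packed())) to see the three hints; the same call on an image whose entry point sits in a first, read-only .text section returns an empty list.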