Myapp malware crypter – static unpacker

Malware won’t die unless you help it..

Ok this is gonna be a rather short one, For those into analyzing malware might have noticed a pretty common crypter is floating around. I call it the ‘Myapp’ since the binary’s contains a string ‘c:\myapp.exe’. after the analyzing the stub i noticed it’s kinda easy to write a static unpacker for for(it uses a modified RC4 encryption)

 

The unpacker

source code :http://pastebin.com/msyJdHBG
I have tested it over many binary’s and always with success so now it’s time to share this, use it on your own risk!

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s