I am playing with malware PCAPs from here Malware-Traffic-Analysis.net - 2019-06-22 - Traffic analysis exercise - Phenomenoc.
One of malware binaries there is a PE Compact 2 packed dll file.
I have tried to just follow guides about unpacking such dlls (e.g. PEcompact 2 xx dll Unpack - YouTube or Pack & Unpack PECompact packer with the X64DbG Tool - YouTube). They end up in OEP location after unpack, and i end up in the same location where the DLL’s entry point is located.
Any advices on how to correctly unpack it?
Their Scylla Dump:
Mine Scylla Dump:
There are errors related to unpack. dll can arise for a variety of reasons. A faulty application can be unpack. dll has been deleted or corrupted by malicious software on your PC.
The most common error messages are:
“The program can’t start because of unpack.” dll is missing from your computer Try to get the program to work again.
There was a problem with unpacking. There is a dll. The module could not be found.
There is an error loading unpack. There is a dll. The module could not be found.
“The code execution can’t proceed because of unpack.” “dll wasn’t found.” This problem may be fixed if the program is reinstalled.
unpack. “dll isn’t designed to run on Windows or it contains an error.” You can try to install the program again using the original installation media, or you can contact the software vender for support.
In most cases, the solution is to unpack. The dll is in the Windows system folder. The DLL file should be placed in the game/application installation folder for PC games.
This topic was automatically closed after 121 days. New replies are no longer allowed.