Malware Decompiling and Unpacking (Loda Keylogger)

DamaneDz · January 5, 2018, 7:29pm

Hello guys, Hope everyone is okay

It’s been a while since my last post here

So I have something simple to share with you

The sample:

Sirius · January 5, 2018, 11:27pm

For those of us out there who prefer the written equivalent, could I suggest a short summary about the details you have included in the video?

dtm · January 6, 2018, 10:02am

Malicious file is a string-obfuscated AutoIT script,
Finds the decoding function that decodes the obfuscated strings,
Writes his own AutoIT script to call the string decoder by passing in the obfuscated string as a command line parameter,
Uses PHP to read in the malicious AutoIT script,
Regexes lines which have the string decoder and replaces them with the original unobfuscated string by calling his AutoIT string decoder,
File is string-unobfuscated and exposes its functionality.

neolex · January 10, 2018, 7:40am

Thanks for the video !
Will you make a video of the analysis of the decoded malware ?

DamaneDz · January 10, 2018, 7:55pm

Actually I lost the sample and I have to aproof my account on hybrid-analysis.com to download it again.

system · February 4, 2018, 7:29pm

This topic was automatically closed after 30 days. New replies are no longer allowed.