Manual Unpacking IcedID Write-up

Sample hash (SHA256): 76cd290b236b11bd18d81e75e41682208e4c0a5701ce7834a9e289ea9e06eb7e

Tools:
- PE file static analysis: PortExAnalyzer; PE-bear
- Debugger and plugin: x64dbg + ScyllaHide (anti-anti-debug)
- aPLib decompression: aplib-ripper

1. Static Analysis

Throw the sample at PortEx Analyzer; the tool analyses the file with a special focus on malformations. We get the results: the .text section has high entropy, so the sample may be […]

Article Link: https://kienmanowar.wordpress.com/2020/08/16/manual-unpacking-icedid-write-up/