I downloaded a malware sample from here.


PEiD says it’s packed with ASProtect 2.1x SKE.

Well, I tried for two hours to unpack it without an unpacker but failed. So I finally used an unpacker. It is from here.


I feel like taking a free bus. But yeah, maybe I will learn more and unpack it without an unpacker.

Open the malware in OllyDbg and run the script we got. The information it provides appears in the Log data view.

We can see the RVA of the OEP here. Next, open ImportREC.

Click the IAT AutoSearch and Get Imports buttons, then fix the dump. After this, you can see it’s unpacked.
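A quick way to confirm the fixed dump, as an added example that is not part of the original post: the script below reads the PE headers and checks that the entry point equals the OEP RVA from the script log and that the import directory points inside a section. The function names and the constructed two-section header (including the `.newiat` section name) are assumptions made for illustration.

```python
import struct, sys

def pe_summary(data):
    """Entry point RVA, import directory and section list of a PE image."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe = struct.unpack_from("<I", data, 0x3C)[0]             # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    nsec, opt_size = struct.unpack_from("<H12xH", data, pe + 6)
    opt = pe + 24                                            # optional header
    magic = struct.unpack_from("<H", data, opt)[0]
    entry = struct.unpack_from("<I", data, opt + 16)[0]      # AddressOfEntryPoint
    dirs = opt + (112 if magic == 0x20B else 96)             # PE32+ or PE32
    imp_rva, imp_size = struct.unpack_from("<II", data, dirs + 8)  # directory 1
    sections = []
    for i in range(nsec):
        name, vsize, va = struct.unpack_from("<8sII", data, opt + opt_size + 40 * i)
        sections.append((name.rstrip(b"\0").decode("ascii", "replace"), va, vsize))
    return {"entry_rva": entry, "import_rva": imp_rva,
            "import_size": imp_size, "sections": sections}

def section_of(summary, rva):
    """Name of the section whose virtual range contains rva, else None."""
    for name, va, vsize in summary["sections"]:
        if va <= rva < va + vsize:
            return name
    return None

def check_dump(summary, oep_rva):
    """Problems found in a fixed dump, given the OEP RVA from the script log."""
    problems = []
    if summary["entry_rva"] != oep_rva:
        problems.append("entry point %#x != logged OEP %#x" % (summary["entry_rva"], oep_rva))
    if not summary["import_size"] or section_of(summary, summary["import_rva"]) is None:
        problems.append("import directory is empty or outside every section")
    return problems

def constructed_dump(entry_rva, imp_rva, imp_size):
    """Constructed sample: bare PE32 headers with two sections, no real code."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 224, 0x102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)
    struct.pack_into("<I", opt, 16, entry_rva)
    struct.pack_into("<II", opt, 96 + 8, imp_rva, imp_size)
    secs = b"".join(struct.pack("<8sII24x", n, vs, va) for n, va, vs in
                    ((b".text", 0x1000, 0x5000), (b".newiat", 0x9000, 0x1000)))
    return dos + coff + bytes(opt) + secs

if __name__ == "__main__" and len(sys.argv) == 3:  # args: <dump path> <OEP RVA in hex>
    print(check_dump(pe_summary(open(sys.argv[1], "rb").read()), int(sys.argv[2], 16)))
```

An empty list means both checks passed; it does not prove that every import was resolved.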

