4.1 Manual Unpacking

To unpack a binary that was packed with a packer, we normally perform the following general steps:

  1. The first step is to identify the OEP. As mentioned previously, when a packed binary is executed, it extracts the original binary and at some point transfers control to the OEP. The original entry point (OEP) is the address of the malware's first instruction (where the malicious code begins) before it was packed. In this step, we identify the instruction in the packed binary that jumps to (leads us to) the OEP.
  2. The next step is to execute the program until the OEP is reached; the idea is to let the malware's stub unpack itself in memory and then pause at the OEP (before any malicious code executes).
  3. The third step involves dumping ...
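As an added illustration of these steps (example code, not from the book), the following Python simulates a constructed toy packed image: a stub XOR-decodes the original code into `.text` and jumps to it, the script identifies the OEP as the first executed address outside the stub's section (the trace entry before it is the jump to the OEP), and it dumps the unpacked image with the header's entry point repointed at the OEP. The image layout, header format, stub and trace are all constructed; real samples are handled in a debugger.

```python
import struct

# Constructed toy "process image" of a packed program (not a real PE): a small
# header at offset 0 (magic, entry-point RVA), a .text section that is empty on
# disk, and a stub section holding the XOR-encoded original code and the unpacker.
IMAGE_BASE = 0x400000
SECTIONS = {".text": (0x1000, 0x1000), "UPX1": (0x2000, 0x1000)}  # name -> (RVA, size)
STUB_SECTION = "UPX1"
# push ebp; mov ebp,esp; mov eax,1; leave; ret  (constructed "original" code)
ORIGINAL_CODE = bytes.fromhex("5589e5b801000000c9c3")
XOR_KEY = 0x5A

def build_packed_image():
    img = bytearray(0x3000)
    # The packed binary's header entry point points at the stub, not at the OEP.
    struct.pack_into("<4sI", img, 0, b"TOY!", SECTIONS[STUB_SECTION][0])
    encoded = bytes(b ^ XOR_KEY for b in ORIGINAL_CODE)
    img[0x2100:0x2100 + len(encoded)] = encoded   # payload lives inside the stub section
    return img

def section_of(addr):
    for name, (rva, size) in SECTIONS.items():
        if IMAGE_BASE + rva <= addr < IMAGE_BASE + rva + size:
            return name
    return None

def run_stub(img):
    """Step 2: emulate the unpacker stub. It decodes the payload into .text and then
    transfers control there. Returns the executed addresses (a trace)."""
    trace = []
    entry = IMAGE_BASE + struct.unpack_from("<I", img, 4)[0]
    text_rva = SECTIONS[".text"][0]
    for i in range(len(ORIGINAL_CODE)):
        trace.append(entry + 5 * (i % 4))        # decode-loop instructions, all in UPX1
        img[text_rva + i] = img[0x2100 + i] ^ XOR_KEY
    trace.append(IMAGE_BASE + text_rva)          # the stub's final "jmp OEP" lands in .text
    return trace

def find_oep(trace, stub_section=STUB_SECTION):
    """Step 1: the OEP is the first executed address outside the stub's section;
    the trace entry just before it is the instruction that jumps to the OEP."""
    for idx, addr in enumerate(trace):
        if section_of(addr) != stub_section:
            return idx, addr
    raise ValueError("control never left the stub section")

def dump_unpacked(img, oep):
    """Step 3: dump the in-memory image after unpacking, with the header's entry
    point repointed at the OEP so the dump starts at the original code."""
    dumped = bytearray(img)
    struct.pack_into("<I", dumped, 4, oep - IMAGE_BASE)
    return bytes(dumped)

def unpack():
    img = build_packed_image()
    trace = run_stub(img)
    idx, oep = find_oep(trace)
    return oep, trace[idx - 1], dump_unpacked(img, oep)
```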
