Entries filed under 'Simplepack'

Threat Research Blog

The FireEye Labs team posts blog entries under threat research to present and discuss cyber attacks and threat intelligence from a technical perspective. They cover the full spectrum of exploits and vulnerabilities, including advanced malware and targeted threats.

    Unpacking SimplePack

    By Abhishek Singh
    By packing their malicious executable, malware authors can be sure that when they are opened in a disassembler they will not show the correct sequence of instructions, thus making malware analysis a lengthier and more difficult process.SimplePack is yet another packer often used by malware authors. Specifically, it uses LZMA compression. When the packed process is opened in the debugger, the packed code starts with the instruction PUSHAD as seen in Figure Read more...