
41.w4r10r

  1. ZeroAccess new variant (Self Debugging) Unpacker

    On Behalf of Arunpreet Singh

    The new ZeroAccess variant (crypter) has been in the news for the past few days. It differs from traditional crypters, which either use RunPE or overwrite the original image with the decrypted image. It is already covered in an Avast blog post, so I will just summarize it in shorter steps. It basically uses the self-debugging concept (it's not a new thing):

    1) Launch its own instance in debug mode (child process)
    2) Parent process enters into debug ...