Exe32Pack is a relatively unused packer in the malware world, but the author stumbles onto samples occasionally. Exe32Pack calls IsDebuggerPresent, but in addition to that it also seems to perform the check inline, so setting a breakpoint on the IsDebuggerPresent API won’t suffice.
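One way an analyst can locate such inline checks in a dumped, unpacked memory region, as an added example that is not from the original post. It assumes the inline check is the usual 32-bit read of the PEB `BeingDebugged` byte (the same byte `IsDebuggerPresent` returns); the function name, byte patterns and sample bytes are constructed for illustration.

```python
import re

# Assumption (not stated in the post): the inline check reads PEB.BeingDebugged
# the way 32-bit IsDebuggerPresent does, either through the TEB (fs:[18h]) or
# straight from the PEB pointer (fs:[30h]).
#   64 A1 imm32         mov eax, fs:[imm32]
#   64 8B modrm imm32   mov reg, fs:[imm32]   (modrm = 00 reg 101)
FS_LOAD = re.compile(
    rb"\x64(?:\xA1|\x8B[\x05\x0D\x15\x1D\x35\x3D])([\x18\x30])\x00\x00\x00"
)
# Byte access at [reg+2], the offset of BeingDebugged inside the PEB:
#   0F B6 /r 02   movzx r32, byte ptr [reg+2]
#   8A /r 02      mov   r8,  byte ptr [reg+2]
#   80 /7 02 ib   cmp   byte ptr [reg+2], imm8
BEING_DEBUGGED = re.compile(rb"(?:\x0F\xB6|\x8A)[\x40-\x7F]\x02|\x80[\x78-\x7F]\x02")


def find_inline_checks(code: bytes, base: int = 0, window: int = 16):
    """Return (address, kind) for every fs:[18h]/fs:[30h] load that is
    followed within `window` bytes by a byte access at offset 2.
    This is a byte-pattern heuristic, not a disassembler."""
    hits = []
    for m in FS_LOAD.finditer(code):
        tail = code[m.end(): m.end() + window]
        if BEING_DEBUGGED.search(tail):
            kind = "via TEB" if m.group(1) == b"\x18" else "direct PEB"
            hits.append((base + m.start(), kind))
    return hits


# Constructed sample bytes (not taken from any real Exe32Pack sample).
INLINE = bytes.fromhex("64A130000000" "0FB64002" "85C0" "7505")  # direct PEB read
SEH = bytes.fromhex("64A100000000" "50")                          # fs:[0], benign
API_STYLE = bytes.fromhex("64A118000000" "8B4030" "0FB64002" "C3")  # TEB -> PEB
SAMPLE = b"\x90" * 4 + INLINE + b"\x90" * 8 + SEH + b"\x90" * 20 + API_STYLE

if __name__ == "__main__":
    for addr, kind in find_inline_checks(SAMPLE, base=0x401000):
        print(f"{addr:#010x}  BeingDebugged read ({kind})")
```

Each reported address is a candidate location for a breakpoint or patch in place of the API breakpoint; confirm each hit in a disassembler, since byte patterns can match data.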
Posted on Monday, March 12th, 2007 at 3:36 pm and under category News.