Exe32Pack is relatively unused packer in the malware world, but author stumble onto samples occasionally. Exe32Pack calls IsDebuggerPresent, but in addition to that it seems to do the check inline also, so setting a breakpoint at the IsDebuggerPresent API won’t suffice.
On March 12, 2007, In News, by first
Exe32Pack is relatively unused packer in the malware world, but author stumble onto samples occasionally. Exe32Pack calls IsDebuggerPresent, but in addition to that it seems to do the check inline also, so setting a breakpoint at the IsDebuggerPresent API won’t suffice. Read more…
If you enjoyed this article, please consider sharing it!
