How To Defeat Anti-VM and Anti-Debug Packers With IDA Pro

Open Analysis Live! We use IDA Pro and the debugger to unpack a Loki malware sample from a packer that has a ton of anti-analysis, anti-debug, and ant-vm tricks. ----- OALABS DISCORD https://discord.gg/6h5Bh5AMDU OALABS PATREON https://www.patreon.com/oalabs OALABS TIP JAR https://ko-fi.com/oalabs OALABS GITHUB https://github.com/OALabs UNPACME - AUTOMATED MALWARE UNPACKING https://www.unpac.me/#/ ----- Automated Malware Unpacking https://www.unpac.me/ The original sample from Malware Traffic Analysis: http://www.malware-traffic-analysis.net/2017/11/16/index.html The hybrid-analysis sandbox run: https://www.hybrid-analysis.com/sample/8a3e6b18b0532c63b3e7eda71e6962f5128c2be9e8f52a817bd90d701852473a?environmentId=100 Two excellent manuals for understanding anti-analysis tricks (PDF): http://anti-reversing.com/Downloads/Anti-Reversing/The_Ultimate_Anti-Reversing_Reference.pdf https://www.blackhat.com/presentations/bh-usa-07/Yason/Whitepaper/bh-usa-07-yason-WP.pdf The unpacked sample: https://www.hybrid-analysis.com/sample/4447d464723e1276756f03fc7a77b3d99ea379d5decbc6d78478aad4c498e2ac?environmentId=100 LordPE ... old school cool : )) https://www.aldeid.com/wiki/LordPE We are always looking for feedback, what did you like, what do you want to see more of, what do you want to see us analyze next? Let us know on twitter: https://twitter.com/herrcore https://twitter.com/seanmw As always check out our tools, tutorials, and more content over at http://www.openanalysis.net P.S. @BinaryAdventure has created an excellent tutorial demonstrating the same technique but using OllyDbg! Check it out https://youtu.be/g_fziRrG_Aw