All posts for the month September, 2014

It’s been about a year and a half since I wrote about a behavioural approach to automated unpacking, and I figured it was time to add some more functionality to This time, I’m going to look at malware decrypting/decompressing code from within itself, and process hollowing, and see if we can capture the decrypted/decompressed/newly written memory. Let’s spruce up a tad. Continue Reading