2/23/2023

Nsis decompiler

Find the DLL in this directory and see what it exports.

In the best case, no rubbish is added and we can easily see the files containing valuable data. But often junk files have been added for the purpose of obfuscation, and we need to figure out which of the files contain the payload.

The other directory contains the stuff of our interest. In some (rare) cases, you will need to analyze the function in the DLL that is used for unpacking to find out the correct algorithm.

After decompressing the executable you will see two directories – one of them contains standard NSIS elements (just skip it, nothing to see here).

In some cases, it is not a pure XOR, but usually you can figure out the modifications by looking at the output.