How To Unpack VMProtect 3 (x64) Night Sky Ransomware (Patreon)

Published:

2022-02-01 03:30:09

Imported:

2022-12

Content

In this tutorial we unpack Night Sky Ransomware (x64) which is protected with VMProtect 3. We use VMPDump to dump and fix the imports and then re-create the virtualized entry point manually.

Tools

Additional Learning Resources

Samples

Original packed sample:

8c1a72991fb04dc3a8cf89605fb85150ef0e742472a0c58b8fa942a1f04877b0

Clean unpacked payload (fixed OEP):

ff5757086c464d624f4a6674d65409fb6fa84ad5ac089583ebc994ba949458d7

Files

How To Unpack VMProtect 3 (x64) Night Sky Ransomware With VMPDump [Patreon Unlocked]

In this tutorial we unpack Night Sky Ransomware (x64) which is protected with VMProtect 3. We use VMPDump to dump and fix the imports and then re-create the virtualized entry point manually. No other functions are virtualized! ----- OALABS DISCORD https://discord.gg/6h5Bh5AMDU OALABS PATREON https://www.patreon.com/oalabs OALABS GITHUB https://github.com/OALabs UNPACME - AUTOMATED MALWARE UNPACKING https://www.unpac.me/#/ ----- Packed sample: 8c1a72991fb04dc3a8cf89605fb85150ef0e742472a0c58b8fa942a1f04877b0 VMPDump: https://github.com/0xnobody/vmpdump Lab-Notes: https://github.com/OALabs/Lab-Notes/blob/main/NightSky/nightsky.ipynb #Unpacking #VMProtect #Malware