Live Stream VOD: Removing Control Flow Obfuscation From Pandora Ransomware Part 2 (Patreon)
Published: 2022-03-26 02:51:33
In this Twitch stream we continue building our script to remove control flow obfuscation from Pandora Ransomware. The obfuscation is a type of control flow flattening with additional opaque predicates. We are using a combination of IDA scripts and emulation with dumpulator to reconstruct the original control flow.
Sample: 5b56c5d86347e164c6e571c86dbf5b1535eae6b979fede6ed66b01e79ea33b7b
Research notes are available with code and more obfuscation learning resources: Pandora Ransomware