Unpacking Crypters That Use the ResumeThread Method

MooNShakeR
79 views - 6 years ago
When you run this executable, it decrypts the encrypted file in memory, then creates a thread and launches the decrypted copy directly from memory. This video shows you how to deal with this. The malware in this video is a SpamBot obtained from the Serenity Exploit Kit: http://www.xylibox.com/2012/11/serenity-exploit-kit.html Malware MD5: 268bece218187c189c2322d6f7d21efb
Published 6 years ago, on 1397/04/14.