Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Share Post: Reddit Facebook
Anti-Reversing - Anti-Dump Trick "Header Erase"
#1

Published on Jul 15, 2017
I showcase a minimal FASM sample that prevents memory dumping. It erases its own header in memory so that dumping tools don't see a valid PE image anymore.

Follow me on Twitter: @struppigel

headererase.asm: https://pastebin.com/qVZiCpHM
Compile it with FASM: https://flatassembler.net/download.php
headererase.exe: https://www.hybrid-analysis.com/sampl...
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  Reverse engineering PopUnder trick for Chrome 60 baziroll 0 2,222 08-13-2017 , 12:51 AM
Last Post: baziroll
  Malware Analysis - PortexAnalyzer Repair and Dump PE Files baziroll 0 2,699 08-07-2017 , 11:51 AM
Last Post: baziroll
  AppCheck Anti-Ransomware : FinalRansomware / GX40 Ransomware (.encrypted) baziroll 0 2,267 05-15-2017 , 12:35 PM
Last Post: baziroll
  Ashampoo Anti-Virus vs WannaCry ransomware baziroll 0 1,906 04-16-2017 , 12:50 PM
Last Post: baziroll
  Ashampoo Anti-Virus vs Mole ransomware baziroll 0 2,028 04-16-2017 , 12:46 PM
Last Post: baziroll



Users browsing this thread: 1 Guest(s)