
Intro To Malware Analysis

Hi Folks, here I will analyze a malware sample which is possibly packed with NsPack. Details are below:

File name:

First, we will do static analysis of the file.

Using the strings utility:

we see the following. Most of the strings are obfuscated or encrypted content.

We saw strings like .nsp0, .nsp1 and .nsp2. If we Google them we learn that these are section names used by the NsPack packer.

VirusTotal Analysis:

Upon analysis using VirusTotal we saw 49 out of 55 engines detect the file, which indicates it is malicious in nature.

So we should unpack the malware, because without unpacking the code looks obfuscated and it is not possible to debug it; it looks like the below in IDA.

As we saw above, there are custom sections named .nsp0, .nsp1 and .nsp2, and the entry point starts with PUSHF followed by PUSHA, which is an indication of a packer (the packer stub saves the flags and all general-purpose registers so it can restore them before jumping to the original entry point). We can confirm it with PEiD.
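As an added illustration (not part of the original post), the two packer indicators noted above, the .nsp0/.nsp1/.nsp2 section names and a PUSHF/PUSHA prologue at the entry point, can be checked directly from the PE header. The minimal PE32 image produced by `build_sample` is constructed for this example and is not the analysed file.

```python
import struct

NSPACK_SECTIONS = {b".nsp0", b".nsp1", b".nsp2"}
PUSHF_PUSHA = b"\x9c\x60"  # 32-bit encoding of PUSHFD ; PUSHAD

def parse_pe(data):
    """Return (entry_rva, [(name, vaddr, rawptr, rawsize), ...]) from a PE32 image."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    nsec, opt_size = struct.unpack_from("<H", data, coff + 2)[0], struct.unpack_from("<H", data, coff + 16)[0]
    opt = coff + 20
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]  # AddressOfEntryPoint
    secs = []
    for i in range(nsec):  # section table follows the optional header, 40 bytes per entry
        name, _vsize, vaddr, rawsize, rawptr = struct.unpack_from("<8sIIII", data, opt + opt_size + 40 * i)
        secs.append((name.rstrip(b"\0"), vaddr, rawptr, rawsize))
    return entry_rva, secs

def rva_to_offset(rva, secs):
    """Map an RVA to a file offset via the section table (None if it is not backed by raw data)."""
    for _name, vaddr, rawptr, rawsize in secs:
        if vaddr <= rva < vaddr + rawsize:
            return rawptr + (rva - vaddr)
    return None

def nspack_indicators(data):
    """Return the NsPack heuristics that fire: known section names and the stub prologue at the entry point."""
    entry_rva, secs = parse_pe(data)
    hits = []
    found = sorted(s[0] for s in secs if s[0] in NSPACK_SECTIONS)
    if found:
        hits.append("NsPack section names: " + ", ".join(n.decode() for n in found))
    off = rva_to_offset(entry_rva, secs)
    if off is not None and data[off:off + 2] == PUSHF_PUSHA:
        hits.append("entry point begins with PUSHFD/PUSHAD")
    return hits

def build_sample(section_names, entry_code):
    """Constructed minimal PE32 (not a real binary): entry point at the start of the first section."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)  # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 224, 0x102)
    opt = struct.pack("<H", 0x10B) + b"\0" * 14 + struct.pack("<I", 0x1000) + b"\0" * 204  # entry RVA 0x1000
    secs = b"".join(struct.pack("<8sIIII", n.ljust(8, b"\0"), 0x1000, 0x1000 * (i + 1), 0x200, 0x400 + 0x200 * i)
                    + b"\0" * 16 for i, n in enumerate(section_names))
    image = (dos + b"PE\0\0" + coff + opt + secs).ljust(0x400, b"\0")
    return image + entry_code.ljust(0x200 * len(section_names), b"\0")
```

Run `nspack_indicators(open(path, "rb").read())` against a suspect file to get the list of indicators that fire; an empty list means neither heuristic matched, not that the file is unpacked.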

As we can see above, there is a comparison between ESI and 1; if it succeeds, execution jumps to a section like