Unpacking

The breach of VMProtect: 2 major incidents

Discussing the breaches of VMProtect's source code that emerged in 2023

26 Apr 2025

1 minute read

Unpacking

Unpacking UPX (MinGW example)

Simple example on how to modify UPX-packed files

18 Apr 2025

2 minute read

Unpacking

Explaining encrypted strings in .exe files

Simple explanation on encryped strings in .exe files, and how to get around them when solving crackmes

18 Apr 2025

2 minute read

Back to top ↑

AV-evasion

AV Evasion: Custom WinAPI function implementations

Learn how malware bypassses AV evasion (includes code examples)

18 Apr 2025

3 minute read

AV-evasion

AV Evasion: Anti-debug tricks

Learn how malware evades anti-viruses (includes code examples)

18 Apr 2025

1 minute read

Back to top ↑

PE File Format

PE file format: DOS Header

Explaining the DOS header in Windows executable formats

22 Apr 2025

4 minute read

PE File Format

PE file format: Import Address Table

Explaining in detail the Import Address Table (IAT) structure in Portable Executable (PE) file

21 Apr 2025

1 minute read

Back to top ↑

Injection

Using code caves to inject custom shellcode

Learn how to use code caves to inject custom code into a .exe file

19 Apr 2025

10 minute read

Back to top ↑

Malware Analysis

Decoding a Pyinstaller ransomware sample

Decoding a ransomware sample made in Python, step by step

20 Apr 2025

5 minute read

Back to top ↑

Alon Alush

Posts by Category

Unpacking

The breach of VMProtect: 2 major incidents

Unpacking UPX (MinGW example)

Explaining encrypted strings in .exe files

AV-evasion

AV Evasion: Custom WinAPI function implementations

AV Evasion: Anti-debug tricks

PE File Format

PE file format: DOS Header

PE file format: Import Address Table

Injection

Using code caves to inject custom shellcode

Malware Analysis

Decoding a Pyinstaller ransomware sample