
Problem Unpacking Netsky-Q FSG 1.0


I am trying to unpack the Netsky-Q worm (MD5 hash: 3018e99857f31a59e0777396ae624a8f). PEiD shows the packer as FSG 1.0 -> dulek/xt, and the only way that I found to unpack this is a manual unpacking technique by kienmanowa of REA. In this technique we introduce a breakpoint and run this malware sample to that point and use OllyDump to change the Characteristics and Entry Point. But OllyDump is not allowing me to edit the Characteristics. Can anybody help me out with this?

I would use LordPE or PETools for changing the characteristics and EP. I guess FSG was one of the packers where the ESP trick worked? If yes, it's quite easy to do.
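
As an added example (not code from this thread or from any of the tools named in it), the header edit discussed above can also be made directly on the dumped file: the script below rewrites AddressOfEntryPoint and the section Characteristics using only Python's `struct` module. It assumes "Characteristics" means the per-section flags; the sample header, the entry point 0x1234 and the flag value are constructed placeholders, and the real entry point is the one found in the debugger.

```python
import struct

# Section flags from the PE/COFF format: code | execute | read | write
RWX_CODE = 0x00000020 | 0x20000000 | 0x40000000 | 0x80000000

def _locate(pe):
    """Return (optional header offset, section table offset, section count)."""
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    nt = struct.unpack_from("<I", pe, 0x3C)[0]            # e_lfanew
    if pe[nt:nt + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    nsec = struct.unpack_from("<H", pe, nt + 6)[0]        # NumberOfSections
    opt_size = struct.unpack_from("<H", pe, nt + 20)[0]   # SizeOfOptionalHeader
    return nt + 24, nt + 24 + opt_size, nsec

def read_fields(pe):
    """Return (AddressOfEntryPoint, {section name: Characteristics})."""
    opt, table, nsec = _locate(pe)
    ep = struct.unpack_from("<I", pe, opt + 16)[0]
    flags = {}
    for off in range(table, table + 40 * nsec, 40):       # 40-byte section headers
        name = bytes(pe[off:off + 8]).rstrip(b"\0").decode("latin-1")
        flags[name] = struct.unpack_from("<I", pe, off + 36)[0]
    return ep, flags

def patch_dump(pe, new_ep, characteristics):
    """Return a copy with the entry point and every section's flags replaced."""
    out = bytearray(pe)
    opt, table, nsec = _locate(out)
    struct.pack_into("<I", out, opt + 16, new_ep)
    for off in range(table, table + 40 * nsec, 40):
        struct.pack_into("<I", out, off + 36, characteristics)
    return bytes(out)

def build_sample():
    """Constructed PE32 headers only (two sections, no code), for the demo."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 224, 0x010F)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                 # PE32 magic
    struct.pack_into("<I", opt, 16, 0x2000)               # entry point before patching
    secs = b"".join(struct.pack("<8sIIIIIIHHI", n, 0x1000, va, 0x200, 0, 0, 0, 0, 0, 0xC0000040)
                    for n, va in ((b"sec0", 0x1000), (b"sec1", 0x2000)))
    return dos + b"PE\0\0" + coff + bytes(opt) + secs

if __name__ == "__main__":
    dump = build_sample()
    print(read_fields(patch_dump(dump, 0x1234, RWX_CODE)))  # 0x1234 is a placeholder
```

Running `read_fields` on the dump before and after patching confirms that only the intended header fields changed.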