Skip navigation.

Need help to unpack RLPacker with antidebug protection

Hi, all

I join an anti-malware community here in my country (Brazil), which developes a job similar to the MIRT from old CastleCops forum, but dedicated to local threats only (trojans bankers).

I need some help to unpack a DLL packed with:

RLPack 1.20 with fake signature (ExeInfoPE) with LZMA engine.

I already tried RLdePacker 1.4, RL!Unpacker and some IDA scripts I've found but with no results.

I attached this DLL to explorer.exe and ran the debugger, I figured it calls ntdll_DbgBreakPoint, but I have no good skills running a debugger.

Can you point me to some direction how I can learn to unpack it?

Thanks in advance.

Maybe this could help

Maybe this could help you:

Upload a copy of the trojan

Upload a copy of the trojan and give us the link.

Thanks for the help, guys.

Thanks for the help, guys. :)

@the_mfox: I saw that video tutorial, but it is hard to do! Is there some other easier way? I'm just a beginner. :)

@dannyquist: You can download the trojan from here:

I'm not sure if it is still online. I uploaded its related files to VT:



I very appreciate your help. :)

Here is the file: Sorry,

Here is the file:

Sorry, here it is: