Running Rustock family rootkit


I downloaded a Rustock family rootkit and attempted to infect the system with that malware. Except it seems to crash before it can infect my environment. I ran it under the debugger, kept a breakpoint at the entry point and attempted walking through execution, but I still crash at a certain point. Before I investigate that, I thought I would check whether I am making any obvious mistake (I am new to looking at malware downloaded from here).

The malware.exe I end up with appears to be a valid PE etc. when I look at it under a static analyzer. Is there a second level of unpacking/de-obfuscation that I am missing? Please let me know. Thanks.