UNPACKING THE FILE


1. To unpack RaDa.exe I use OllyDbg. I set a breakpoint at 40FE78 (the location that jumps to the entry point).

2. Run the program (F9)

3. When we stop at 40FE78, execute one step (F7). Now we are at the entry point.

4. Finally we dump the executable with the OllyDump plugin to Unpacked.exe.
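As an added illustration (not part of the original write-up), the following Python snippet shows what happens at the breakpoint of step 1 and the single step of step 3: the packer stub ends in a near jmp rel32, and its destination is the entry point that the dump in step 4 should be given. The stub bytes, the relative displacement and the resulting target 0x401000 are constructed for the example and are not taken from RaDa.exe; the breakpoint address 40FE78 is the one the text uses, and the assumption that the stub ends in popad followed by a jmp is typical of simple packers but is not stated by the page.

```python
import struct

# Constructed sample: bytes an analyst might see at the breakpoint address
# 40FE78 in a packer's stub. The rel32 value is invented for illustration
# and does NOT come from RaDa.exe; it was chosen so the jump lands on 0x401000.
BREAKPOINT_VA = 0x0040FE78
SAMPLE_STUB = bytes([
    0x61,                          # popad: restore the registers the stub saved
    0xE9, 0x82, 0x11, 0xFF, 0xFF,  # jmp rel32 (destination computed below)
])


def decode_tail_jump(code: bytes, va: int) -> dict:
    """Walk `code`, assumed to start at virtual address `va`, until the first
    near jmp (opcode E9 + signed rel32) and resolve its absolute destination.
    The destination is the virtual address control transfers to after the
    single step in step 3, i.e. the entry point of the unpacked program."""
    i = 0
    popad_seen = False
    while i < len(code):
        op = code[i]
        if op == 0x61:                      # popad, usually right before the jump
            popad_seen = True
            i += 1
            continue
        if op == 0xE9 and i + 5 <= len(code):
            rel32 = struct.unpack_from('<i', code, i + 1)[0]   # signed displacement
            insn_va = va + i
            target = (insn_va + 5 + rel32) & 0xFFFFFFFF         # relative to next insn
            return {'jmp_va': insn_va, 'popad_before': popad_seen, 'oep': target}
        raise ValueError(f'unexpected opcode {op:#04x} at {va + i:#010x}')
    raise ValueError('no jmp rel32 found in the given bytes')


def oep_to_rva(oep: int, image_base: int) -> int:
    """OllyDump's entry point field is an RVA, so convert the absolute
    address to an offset from the image base before entering it."""
    if oep < image_base:
        raise ValueError('entry point lies below the image base')
    return oep - image_base


if __name__ == '__main__':
    info = decode_tail_jump(SAMPLE_STUB, BREAKPOINT_VA)
    print(f"jmp at {info['jmp_va']:#010x}, popad before it: {info['popad_before']}")
    print(f"entry point {info['oep']:#010x}, RVA {oep_to_rva(info['oep'], 0x400000):#x}")
```

The computed destination is the value to compare against the EIP OllyDbg shows after the F7 step; if the two differ, the breakpoint was not on the real tail jump and the dump will carry the wrong entry point.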

RESEARCH

Now we can disassemble and study Unpacked.exe with IDA:

Debugging all options and commands with OllyDbg.

And sniffing the network traffic and the different commands with Ethereal, and sending the backdoor commands with telnet.

TOOLS REQUIRED

OllyDbg                  http://home.t-online.de/home/Ollydbg/

IDA evaluation version   www.datarescue.com

Ethereal                 www.ethereal.com