https://github.com/gdatasoftwareag/ldpinchunpacker
Unpacker for the Ldpinch malware
malware reverse-engineering unpacker
Last synced: 9 months ago
- Host: GitHub
- URL: https://github.com/gdatasoftwareag/ldpinchunpacker
- Owner: GDATASoftwareAG
- License: mit
- Created: 2019-01-08T07:39:11.000Z (about 7 years ago)
- Default Branch: master
- Last Pushed: 2021-04-01T15:49:41.000Z (almost 5 years ago)
- Last Synced: 2025-04-28T19:41:26.447Z (11 months ago)
- Topics: malware, reverse-engineering, unpacker
- Language: C++
- Homepage:
- Size: 17.6 KB
- Stars: 5
- Watchers: 5
- Forks: 3
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# Ldpinch Unpacker
Unpacker example for the Ldpinch malware.
Tested with the Ldpinch sample with the SHA256: cc65200e7c748e095f65a8d22ecf8618257cc1b2163e1f9df407a0a47ae17b79
For more information see the blog post about unpacking Ldpinch: [Unpacking 101: Writing a static Unpacker for Ldpinch](https://www.gdatasoftware.com/blog/2019/01/31413-unpack-lpdinch-malware)
## Usage
You can find a version of the unpacker written in *C* and one in *Rust* in the repository.
### Rust Version
```bash
> ./ldpinch_unpacker
LdpInch Unpacker 1.0.0
Unpack LdpInch malware.

USAGE:
    ldpinch_unpacker [OPTIONS] -i

FLAGS:
    -h, --help       Prints help information
    -V, --version    Prints version information

OPTIONS:
    -i    LdpInch file to unpack.
    -o    Unpacked output file. [default: unpacked.bin]
```
### C Version
```bash
> ./ldpinch_unpacker
LDPINCH Unpacker\nUsage: ldpinch_unpacker [input] [output]
```
Like the *Rust* version, the *C* version has a default `output` value set to `unpacked.bin`.
## Build
The *Rust* version can be easily built with:
```bash
cargo build --release
```