Topic created on: April 28, 2014 14:33 CDT by mindbender25 .
as a nooby I'm trying to analyze a malware sample with OllyDBG, but I couldn't get the program to run. After less then a second "Terminated" appears.
I aldready tried to use Addons like "Hide Debugger" and "HideOD" and configured OllyDBG to ignore all exceptions - nothing helped.
By using xPELister I noticed that the values SizeOfCode and SizeOfInitializedData seem to be wrong. I tried to repair it with LordPE, but this also didn't success to run the file.
Now I come to an end with my beginner knowledge and would be very glad if someone could help me with this.
Here's call stack:
all stack of main thread
Address Stack Procedure / arguments Called from Frame
001125E4 7C91DE5C Includes ntdll.KiFastSystemCallRet ntdll.7C91DE5A 001125F4
001125E8 7C801E3A ntdll.ZwTerminateProcess kernel32.7C801E34 001125F4
001125F8 003F2399 Includes kernel32.7C801E3A 003F2393 001125F4
0011F270 003F346C 003F0018 003F3467 0011F26C
0012BEE8 003F0009 003F0018 003F0004 0012BEE4
0012BEF4 00AD0621 Includes 003F0009 00AD061F 0012FC40
0012FC44 00AD0036 00AD0242 00AD0031 0012FC40
0012FC48 0040186F Includes 00AD0036 malware_.0040186D 0012FE6C
0012FC4C 0040185D ? malware_.0040186A malware_.00401858
0012FC5C 004019C0 ? malware_.004011F2 malware_.004019BB