# Unpacking and Decrypting FlawedAmmyy

**[sans.org/reading-room/whitepapers/reverseengineeringmalware/unpacking-decrypting-flawedammyy-38930](https://www.sans.org/reading-room/whitepapers/reverseengineeringmalware/unpacking-decrypting-flawedammyy-38930)**

Michelle Petersen

Malware authors commonly utilize packers (Roccia, 2017) as a method of concealing
functionality and characteristics of their malicious code, making an analyst's job more
difficult. Second stage executables may also be encrypted, requiring the analyst to gather an
understanding of how this code is...

By Mike Downey

April 22, 2019

[Download](https://sansorg.egnyte.com/dl/utqlh5Nyaq)
**All papers are copyrighted. No re-posting of papers is permitted**


-----