This concludes the workshop but you can apply the same unpacker to the resources in this malware. The payload exe is:
As an exercise, I recommend going through them on your own.
Most packers are bought and sold on underground forums or traded amongst malware authors. The following sample called Rombertik uses this same packer. For fun you can check it out:
|Section 6.1 <- Back||Next -> Conclusion|