In continuation to reverse engineering malware series, this is the fifth post. I will recommend that you read my first, second, third and fourth posts to be in sync with whole exercise. In previous posts, we performed behavioral and code analysis of the malware specimen - slackbot. We identified that the bot executable was packed with UPX packer. Since UPX has native unpacking capabilities as well, we had unpacked the specimen exe and learnt more about its code & operations during code analysis. Subsequently we were able to gain control over the bot.