Unpacking Storm Worm


Nico
07-02-2008, 12:48 PM
A little blog I wrote on how you can quickly unpack the Storm Worm packer, the one using code and IAT on the heap.

Nothing really complex, just thought I'd share for people interested:

http://securitylabs.websense.com/content/Blogs/3127.aspx

JMI
07-02-2008, 03:44 PM
Thanks for the information, Nico.

Regards,

disavowed
07-03-2008, 05:24 PM
Nico, that packer looks like Morphine (unpacks original PE file to the heap)

Nico
07-03-2008, 06:13 PM
Quote:
[Originally Posted by disavowed;75622] Nico, that packer looks like Morphine (unpacks original PE file to the heap)


Yes it does.
But from what I saw, it's not Morphine.
This sort of technique gets more and more common; the loader uses no fancy headers in order to bypass heuristics.