NOTE: there is no password protection on this malware. Git clone my git repo ( ) and copy malware_g.7z into the Windows VM. Download the malware – play with it at your own risk! If you already have a Hex-Rays decompiler, use it to make your life easier.

Remember – the key point of MRE is not to fully understand every line of disassembly, but rather to construct a big picture of the malware in a high-level programming language, e.g., C/C++. In this post, we will work heavily with disassembly in both tools: IDA for static analysis and OllyDbg for dynamic analysis (with WinDbg for Windows kernel debugging). While most tools for MRE are straightforward, some of them require time, patience, and skill to show their full power.