OALabs | IDA Pro Malware Analysis Tips @OALABS | Uploaded 6 years ago | Updated 23 minutes ago
Open Analysis Live! A few tips and tricks to help you analyze malware with IDA Pro.

-----
OALABS DISCORD
discord.gg/6h5Bh5AMDU

OALABS PATREON
patreon.com/oalabs

OALABS TIP JAR
ko-fi.com/oalabs

OALABS GITHUB
github.com/OALabs

UNPACME - AUTOMATED MALWARE UNPACKING
unpac.me/#

-----

Automated Malware Unpacking
unpac.me

PE Mapped Virtual Address vs. Offset In Binary File: 02:55
IDA Pro Layout Tips: 05:10
Dynamically Resolving APIs: 08:10
IDA Pro Remote Debugger Setup and Use: 09:06
Walking Call Chain From Hooked API Back To Malware: 22:59
Using Memory Snapshots To Unpack Malware (Quick Unpacking): 40:07
Win32 API Calls and The Stack (How To Change Arguments On The Fly): 46:28
IDA Pro Remote Debugger (Debugging a DLL): 01:16:32


PE basics including how a PE is mapped in memory:
http://www.delphibasics.info/home/delphibasicsarticles/anin-depthlookintothewin32portableexecutablefileformat-part1

http://www.delphibasics.info/home/delphibasicsarticles/anin-depthlookintothewin32portableexecutablefileformat-part2

Link to the most excellent IDA Pro book:
nostarch.com/idapro2.htm

Microsoft calling conventions:
msdn.microsoft.com/en-us/library/k2b2ssfy.aspx

RegTestUPX1.exe (benign demo application, safe to run):
virustotal.com/en/file/31e8a11960d0492b64241354c567643f09f0e0278658d31e75d6f2362dbfae44/analysis/1486886366

final_unmapped.dll (DLL demo **WARNING: REAL MALWARE, ONLY RUN IN A VM**):
virustotal.com/en/file/275f927f5cc809ebba57c6e766c550d2d27b1841708459a876c6f5a99201ecb6/analysis

We are always looking for feedback: what did you like, what do you want to see more of, and what do you want to see us analyze next? Let us know on Twitter:
twitter.com/herrcore
twitter.com/seanmw

As always, check out our tools, tutorials, and more content over at http://www.openanalysis.net

#IDAPro #ReverseEngineering #MalwareAnalysis