OALabs | IRC Botnet Reverse Engineering Part 1 - Preparing Binary for Analysis in IDA PRO @OALABS | Uploaded 4 years ago | Updated 3 hours ago
The first part of our in-depth malware reverse engineering series analyzing an IRC worm from 2010. In this part we use IDA Pro and Python to decrypt the strings and resolved the dynamic imports to prepare the binary for analysis....
-----
OALABS DISCORD
discord.gg/6h5Bh5AMDU
OALABS PATREON
patreon.com/oalabs
OALABS TIP JAR
ko-fi.com/oalabs
OALABS GITHUB
github.com/OALabs
UNPACME - AUTOMATED MALWARE UNPACKING
unpac.me/#
-----
Automated Malware Unpacking
unpac.me
Unpacked binary (malshare)
malshare.com/sample.php?action=detail&hash=51e49a9ca65fac6e43827738f90bc475
SHA256 hash:
4eb33ce768def8f7db79ef935aabf1c712f78974237e96889e1be3ced0d7e619
IDA Pro string decryption script
gist.github.com/herrcore/72b0d1e32f7f9b3c193fe368eb75c6f5
Hex Copy IDA plugin for fast data copy-paste
gist.github.com/herrcore/01762779ae4ac130d3beb02bf8e99826
In-depth string decryption and import resolving video series with REvil ransomware:
youtube.com/watch?v=0raUaL4TIo4&list=PLGf_j68jNtWG_H85OLEBpvkMSsREubo7n
MalwareAnalysisForHedgehogs - Network Worm Basics
youtu.be/LxajkPFJsIo
Feedback, questions, and suggestions are always welcome : )
Sergei twitter.com/herrcore
Sean twitter.com/seanmw
As always check out our tools, tutorials, and more content over at openanalysis.net
#IDAPro #Botnet #MalwareAnalysis
The first part of our in-depth malware reverse engineering series analyzing an IRC worm from 2010. In this part we use IDA Pro and Python to decrypt the strings and resolved the dynamic imports to prepare the binary for analysis....
-----
OALABS DISCORD
discord.gg/6h5Bh5AMDU
OALABS PATREON
patreon.com/oalabs
OALABS TIP JAR
ko-fi.com/oalabs
OALABS GITHUB
github.com/OALabs
UNPACME - AUTOMATED MALWARE UNPACKING
unpac.me/#
-----
Automated Malware Unpacking
unpac.me
Unpacked binary (malshare)
malshare.com/sample.php?action=detail&hash=51e49a9ca65fac6e43827738f90bc475
SHA256 hash:
4eb33ce768def8f7db79ef935aabf1c712f78974237e96889e1be3ced0d7e619
IDA Pro string decryption script
gist.github.com/herrcore/72b0d1e32f7f9b3c193fe368eb75c6f5
Hex Copy IDA plugin for fast data copy-paste
gist.github.com/herrcore/01762779ae4ac130d3beb02bf8e99826
In-depth string decryption and import resolving video series with REvil ransomware:
youtube.com/watch?v=0raUaL4TIo4&list=PLGf_j68jNtWG_H85OLEBpvkMSsREubo7n
MalwareAnalysisForHedgehogs - Network Worm Basics
youtu.be/LxajkPFJsIo
Feedback, questions, and suggestions are always welcome : )
Sergei twitter.com/herrcore
Sean twitter.com/seanmw
As always check out our tools, tutorials, and more content over at openanalysis.net
#IDAPro #Botnet #MalwareAnalysis