OALabs | IRC Botnet Reverse Engineering Part 1 - Preparing Binary for Analysis in IDA PRO @OALABS | Uploaded 4 years ago | Updated 3 hours ago
The first part of our in-depth malware reverse engineering series analyzing an IRC worm from 2010. In this part we use IDA Pro and Python to decrypt the strings and resolve the dynamic imports to prepare the binary for analysis....

-----
OALABS DISCORD
discord.gg/6h5Bh5AMDU

OALABS PATREON
patreon.com/oalabs

OALABS TIP JAR
ko-fi.com/oalabs

OALABS GITHUB
github.com/OALabs

UNPACME - AUTOMATED MALWARE UNPACKING
unpac.me/#

-----
Unpacked binary (malshare)
malshare.com/sample.php?action=detail&hash=51e49a9ca65fac6e43827738f90bc475

SHA256 hash:
4eb33ce768def8f7db79ef935aabf1c712f78974237e96889e1be3ced0d7e619

IDA Pro string decryption script
gist.github.com/herrcore/72b0d1e32f7f9b3c193fe368eb75c6f5

Hex Copy IDA plugin for fast data copy-paste
gist.github.com/herrcore/01762779ae4ac130d3beb02bf8e99826

In-depth string decryption and import resolving video series with REvil ransomware:
youtube.com/watch?v=0raUaL4TIo4&list=PLGf_j68jNtWG_H85OLEBpvkMSsREubo7n

MalwareAnalysisForHedgehogs - Network Worm Basics
youtu.be/LxajkPFJsIo

Feedback, questions, and suggestions are always welcome : )

Sergei twitter.com/herrcore
Sean twitter.com/seanmw

As always check out our tools, tutorials, and more content over at openanalysis.net

#IDAPro #Botnet #MalwareAnalysis