Visual Malware Reversing - Offensive Computing

Recommendations

Info

VERATrace • Intel PIN based instruction tracing program • Usable on VMWare / VirtualBox / VirtualPC • Useful for analyzing non-obfuscated programs • Extensions planned to hide from malware • Unpacking (See Saffron-DI) • Adds import data to VERA
Veratrace Demonstration Demo 2
Page 1 and 2: Visual Malware Reversing How to Sto
Page 3 and 4: Goals • Identify structure of mal
Page 5 and 6: Complexities of Reverse Engineering
Page 7 and 8: What is VERA? • Visualizing Execu
Page 9 and 10: What the Colors Mean • Yellow - N
Page 11 and 12: Ether Improvements • Import recon
Page 13 and 14: Imported API Recovery • Removing
Page 15 and 16: Which is easier to read? No Imports
Page 17 and 18: Import Repair Process • Each impo
Page 19 and 20: Import Repair Process • New Metho
Page 21 and 22: Original Entry Point Detection •
Page 23: Problems with Ether • Heavy-weigh
Page 27 and 28: Caveat Emptor • Intel PIN is very
Page 29 and 30: VERA Analysis Machine VERA - IDA Pl
Page 31 and 32: Future Work • Memory usage analys
Page 33: http://www.offensivecomputing.net/v

Visual Malware Reversing - Offensive Computing

Create successful ePaper yourself

Delete template?

Save as template?