Visual Malware Reversing - Offensive Computing

Recommendations

Info

Complexities of Reverse Engineering • Most malware is compiled Intel x86 Assembly Compiler • Machine code is more complex • Optimizations make analysis more difficult • Total code size is 1,200 instructions • 118 Relevant assembly instructions • Much of machine code is compiler boiler plate Reverse Engineering C Code – 45 lines Relevant Assembly Code
Complexities of Reverse Engineering • Executables can be obfuscated Compiler Packing / Obfuscations Information Loss - (Comments, Variable Names, Original Structure of Code
Page 1 and 2: Visual Malware Reversing How to Sto
Page 3: Goals • Identify structure of mal
Page 7 and 8: What is VERA? • Visualizing Execu
Page 9 and 10: What the Colors Mean • Yellow - N
Page 11 and 12: Ether Improvements • Import recon
Page 13 and 14: Imported API Recovery • Removing
Page 15 and 16: Which is easier to read? No Imports
Page 17 and 18: Import Repair Process • Each impo
Page 19 and 20: Import Repair Process • New Metho
Page 21 and 22: Original Entry Point Detection •
Page 23 and 24: Problems with Ether • Heavy-weigh
Page 25 and 26: Veratrace Demonstration Demo 2
Page 27 and 28: Caveat Emptor • Intel PIN is very
Page 29 and 30: VERA Analysis Machine VERA - IDA Pl
Page 31 and 32: Future Work • Memory usage analys
Page 33: http://www.offensivecomputing.net/v

Visual Malware Reversing - Offensive Computing

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?