Malware Loader Reverse Engineering with IDA Pro (Stream - 06/05/2025)
In this stream we reverse engineered a malware loader with IDA Pro, including its anti-analysis, persistence, COM UAC Bypass, command-line spoofing, C2, process injection, and TCP proxy functionality.
Learn how to reverse engineer malware: https://training.invokere.com/course/imbt
Notes: https://github.com/Invoke-RE/stream-notes/tree/main/koiloader
Twitch: https://www.twitch.tv/InvokeReversing
Twitter: https://twitter.com/InvokeReversing
Mastodon: https://infosec.exchange/@invokereversing
Intro and Background 00:00
Anti-Language Check 02:45
Anti-VM and Anti-Analysis 04:30
Sandbox File Anti-Analysis 10:09
Username Anti-Analysis 23:40
More File Anti-Analysis 25:16
Loader Functionality 27:11
Persistence Javascript and MS Defender Exclusion 36:08
Command Line Spoofing 37:22
COM UAC Bypass 46:51
Answering Questions 52:17
Reversing Continued 58:33
C2 Functionality 01:01:01
Loader Functionality 01:07:00
Process Injection Functionality 01:24:45
Cleanup Functionality 01:34:10
TCP Proxy Functionality 01:34:53
Видео Malware Loader Reverse Engineering with IDA Pro (Stream - 06/05/2025) канала Invoke RE
Learn how to reverse engineer malware: https://training.invokere.com/course/imbt
Notes: https://github.com/Invoke-RE/stream-notes/tree/main/koiloader
Twitch: https://www.twitch.tv/InvokeReversing
Twitter: https://twitter.com/InvokeReversing
Mastodon: https://infosec.exchange/@invokereversing
Intro and Background 00:00
Anti-Language Check 02:45
Anti-VM and Anti-Analysis 04:30
Sandbox File Anti-Analysis 10:09
Username Anti-Analysis 23:40
More File Anti-Analysis 25:16
Loader Functionality 27:11
Persistence Javascript and MS Defender Exclusion 36:08
Command Line Spoofing 37:22
COM UAC Bypass 46:51
Answering Questions 52:17
Reversing Continued 58:33
C2 Functionality 01:01:01
Loader Functionality 01:07:00
Process Injection Functionality 01:24:45
Cleanup Functionality 01:34:10
TCP Proxy Functionality 01:34:53
Видео Malware Loader Reverse Engineering with IDA Pro (Stream - 06/05/2025) канала Invoke RE
Комментарии отсутствуют
Информация о видео
18 мая 2025 г. 18:58:19
01:41:10
Другие видео канала
Reverse Engineering with AI: Binary Ninja MCP Development Stream (20/05/2025)
x64dbg Christmas Theme
Stealer Malware Analysis Part 3 (Stream - 22/04/2025)
Exploring the Sliver and Havoc C2 Frameworks (Stream - 30-03-2024)
Introduction to Malware Binary Triage (Course Trailer)
Time Travel Debugging in Binary Ninja with Xusheng Li
Analyzing and Unpacking Qakbot Using Binary Ninja Automation Part 2
Beginner Malware Analysis: DCRat with dnSpy (Stream 03/06/2025)
Malware Network Monitoring (Course Preview)
Golang Deobfuscation with Binary Ninja (Stream - 04/01/2025)
Binary Ninja Sidekick 2.0: Analyzing Ransomware with Large Language Models
Binary Ninja Sidekick: Reverse Engineering Malware with Large Language Models
BRC4 Malware Analysis and Deobfuscation (Stream - 9/11/2024)
Introduction to Malware Binary Triage Course (Binary Ninja Edition)
IDA Hex-Rays Automation for BRC4 Obfuscation (Stream - 22/12/2024)
AI Malware Reverse Engineering with Binary Ninja MCP Server (Stream - 11/04/2025)
IMBT Binary Ninja Edition Teaser
Stealer Malware Analysis Part 2 (Stream - 15/04/2025)
Beginner Malware Analysis: Babuk Ransomware with IDA Pro (Stream - 13/05/2025)
Learning IDA Hex Rays Python API to Analyze Sliver Obfuscation (Stream - 21-06-2024)
