How To Defeat Anti-VM and Anti-Debug Packers With IDA Pro
Open Analysis Live! We use IDA Pro and its debugger to unpack a Loki malware sample from a packer that has a ton of anti-analysis, anti-debug, and anti-VM tricks.
Automated Malware Unpacking
https://www.unpac.me/
The original sample from Malware Traffic Analysis:
http://www.malware-traffic-analysis.net/2017/11/16/index.html
The hybrid-analysis sandbox run:
https://www.hybrid-analysis.com/sample/8a3e6b18b0532c63b3e7eda71e6962f5128c2be9e8f52a817bd90d701852473a?environmentId=100
Two excellent manuals for understanding anti-analysis tricks (PDF):
http://anti-reversing.com/Downloads/Anti-Reversing/The_Ultimate_Anti-Reversing_Reference.pdf
https://www.blackhat.com/presentations/bh-usa-07/Yason/Whitepaper/bh-usa-07-yason-WP.pdf
The unpacked sample:
https://www.hybrid-analysis.com/sample/4447d464723e1276756f03fc7a77b3d99ea379d5decbc6d78478aad4c498e2ac?environmentId=100
LordPE ... old school cool : ))
https://www.aldeid.com/wiki/LordPE
We are always looking for feedback: what did you like, what do you want to see more of, what do you want to see us analyze next? Let us know on Twitter:
https://twitter.com/herrcore
https://twitter.com/seanmw
As always, check out our tools, tutorials, and more content over at http://www.openanalysis.net
P.S.
@BinaryAdventure has created an excellent tutorial demonstrating the same technique but using OllyDbg! Check it out: https://youtu.be/g_fziRrG_Aw
Video "How To Defeat Anti-VM and Anti-Debug Packers With IDA Pro" from the OALabs channel