Few questions regarding malware analysis lab - how to do it properly?
Quote from hunter44 (post 977661):

I decided to raise this topic because I have a few questions regarding RE of malware.

1. I'm using IDA (free). What is the best way to find the main function in disassembled code? Is it even possible? I read about FLIRT signatures, but I'm not sure how to use them, or even whether they work the way I want. With huge code it is very difficult to find the main function of the program. I try to analyze function by function with all the info (like strings, methods, etc.) I found during static analysis of the file. But in the end, I think I'm a little bit stuck, because I can analyze multiple functions but cannot reach a conclusion: where are they used, and what does the flow look like?

2. What is the best approach to analyzing code statically? What are your tips and tricks to get as much information as you can?

3. What should be the main goal when RE malware? Do we only need to find out what functionality the malware has, or is there always a specific goal (besides how it works)? What should I look at, and what should I search for from start to end, to get a view of the whole functionality?