App Review Malware Analysis - Simple Habits to Stop Going Down the Rabbit Hole

struppigel

Apr 9, 2020

To summarize:

Don't dive immediately into code, create an overview first.
To do so:
  • always extract strings (IDA strings tab is no replacement)
  • always check file in a hex editor
  • use visualization for large files to find interesting areas
  • use automated analysis reports
  • along the way make notes of interesting structures, strings, characteristics, behaviour
String extractors and hex editors cannot be fooled that easily. They work regardless of the file type.

If you go down a rabbit hole:
  • stop, take a step back, take a break
  • talk to colleagues, friends or a rubber duck about it
  • go back to creating an overview again
  • ask for help
 

struppigel

Apr 9, 2020
Thank you.
Yes, since I am analysing a sample, there is no way to shorten it more. I wish I could talk faster in English, though. I have to think too much.
Regarding the wallpaper: At first I wanted to say that this is just a VM but then I realized I have my wallpaper on my actual laptop for at least 7 years now. So I guess that's just me. :giggle:
 

avman1995

Nov 4, 2020
Also, if you are reversing: it's best to use tools like IDA-Scope when you are in doubt about whatever encryption a sample is using to protect its goodies. Another great hint in that regard would be to look for functions that are called plenty of times in IDA (xrefs); chances are that it's something important!! It's okay to break your head on things sometimes. I have figured that's how I tend to remember things. If it gets too far, ask for help, but try it yourself first! Just start slow; you can't pick up everything at once. Keep looking for stuff to analyze, especially if the family has OSINT reports on it; they will help you enormously in understanding (try to emulate whatever they find and understand the technicalities). You have to keep going at it; only then will the sword get sharp and remain sharp!
 
