Static analysis of a ransomware

mrmz

Thread author
Jul 6, 2015
Hi to all,
I'm a beginner in malware analysis, especially static analysis. For my university project I must analyze this ransomware:

DL link: hxxp://www .freeuploadsite. com/do.php?id=74209
password: infected

Dynamic analysis was not very hard, but static analysis bothers me. This malware is packed, but none of the tools (such as PEiD, etc.) could detect the packer.
I'm a beginner in OllyDBG and want to use it to analyze the sample. How can I do it?

Thanks a lot.
Hello, I am pleased to read your thread.

Unfortunately, explaining here how to use OllyDbg is very difficult, and I can tell you from experience that to learn how to use it we must... use it, of course with the basic knowledge, but I don't think this is a problem.

OllyDBG is a debugging program.
It is used for debugging applications, to find bugs that occur when an application is used normally, but certainly also for malware analysis.

It monitors the process, reading the allocated memory and so its code (because each time you start an application, the code is copied into memory); you can insert breakpoints (at runtime), the points where the thread blocks according to the set actions (a breakpoint on a call to function X, for example).

It also monitors the status of the processor registers and flags, like any other debugger, and decodes the machine code into assembler.

I'm sure you've seen some guide, and then you'll know that it is also used to see a full memory dump of the code, the process heap and the stack, so you can figure out how certain operations are run, or perform code injection, since it also shows the address of every statement.

You can modify the instructions in the code, for example change a jmp or another instruction, and then save the modified file.

Well, this was a short review; for the details, you can read the very interesting @kram7750 threads in this forum section.

Regards:)
Try Dependency Walker & IDA Pro Free.

EDIT: I made a few posts about signatures and malware research; search for them.
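Since PEiD found no signature for the packer in the first post, and the last reply points at Dependency Walker and IDA for the import table, here is a signature-independent check that combines both ideas: it scores the section table on byte entropy and known packer section names, and checks whether the import table has collapsed to the LoadLibrary/GetProcAddress pair that a packer stub uses to rebuild the real imports at runtime. This is an added example written for this thread, not code from any of the posters; the function names, thresholds and the two constructed sample binaries are assumptions, and on a real sample the `sections` and `imports` lists would come from a PE parser such as pefile rather than being built inline.

```python
import hashlib
import math
from collections import Counter

# Added example, not from the thread. Names, thresholds and the sample
# sections/imports below are constructed for illustration.


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for a constant run, 8.0 for uniformly random bytes."""
    if not data:
        return 0.0
    total = len(data)
    return -sum((n / total) * math.log2(n / total) for n in Counter(data).values())


def deterministic_noise(size: int, seed: bytes = b"constructed-sample") -> bytes:
    """Reproducible high-entropy bytes (SHA-256 chaining) standing in for a
    compressed/encrypted packer payload, so the example runs the same everywhere."""
    out = bytearray()
    block = seed
    while len(out) < size:
        block = hashlib.sha256(block).digest()
        out.extend(block)
    return bytes(out[:size])


# Section names used by some well-known packers. A packer PEiD has no signature
# for will usually still trip the entropy and import heuristics below.
KNOWN_PACKER_SECTIONS = {"upx0", "upx1", "upx2", ".aspack", ".adata", ".vmp0", ".vmp1", ".petite"}


def packing_indicators(sections, imports, entropy_threshold=7.0, min_imports=10):
    """Return human-readable reasons the binary looks packed.

    sections: iterable of (name, raw_bytes) as read from the PE section table
    imports:  iterable of imported function names (what Dependency Walker / IDA list)
    """
    findings = []
    for name, raw in sections:
        ent = shannon_entropy(raw)
        if ent >= entropy_threshold:
            findings.append(f"section {name}: entropy {ent:.2f} >= {entropy_threshold}")
        if name.lower() in KNOWN_PACKER_SECTIONS:
            findings.append(f"section {name}: name associated with a known packer")
    imports = list(imports)
    if len(imports) < min_imports:
        findings.append(f"only {len(imports)} imports (< {min_imports})")
    if imports and set(imports) <= {"LoadLibraryA", "GetProcAddress"}:
        findings.append("imports reduced to LoadLibraryA/GetProcAddress: "
                        "stub resolves the real API table at runtime")
    return findings


def looks_packed(sections, imports) -> bool:
    """Two or more independent indicators: plan on unpacking before static analysis."""
    return len(packing_indicators(sections, imports)) >= 2


# Constructed samples: a UPX-style layout versus an ordinary compiled program.
PACKED_SECTIONS = [
    ("UPX0", b""),                        # empty on disk, filled at runtime
    ("UPX1", deterministic_noise(8192)),  # compressed payload
    (".rsrc", b"\x00" * 512),
]
PACKED_IMPORTS = ["LoadLibraryA", "GetProcAddress"]

BENIGN_SECTIONS = [
    (".text", b"\x55\x8b\xec\x83\xec\x10\x53\x56\x57\x33\xc0" * 700),  # repetitive x86 prologue bytes
    (".data", b"Hello, world\x00" * 64),
]
BENIGN_IMPORTS = ["CreateFileW", "ReadFile", "WriteFile", "CloseHandle", "GetLastError",
                  "HeapAlloc", "HeapFree", "GetModuleHandleW", "GetProcAddress",
                  "LoadLibraryW", "MessageBoxW", "RegOpenKeyExW"]

if __name__ == "__main__":
    for label, secs, imps in (("packed", PACKED_SECTIONS, PACKED_IMPORTS),
                              ("benign", BENIGN_SECTIONS, BENIGN_IMPORTS)):
        print(f"[{label}] looks_packed={looks_packed(secs, imps)}")
        for finding in packing_indicators(secs, imps):
            print("   -", finding)
```

The entropy threshold of 7.0 bits per byte is a conventional rule of thumb, not a hard line: ordinary code and data sections sit well below it, while compressed or encrypted payloads sit close to 8.0. A single indicator is weak on its own (a legitimate installer also carries a high-entropy resource), which is why `looks_packed` asks for two, and why the result is a prompt to unpack the sample (for example by letting the stub run under the debugger to its original entry point and dumping the process) before spending time on static analysis of the stub.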