Just recently completed a course in analysis and RE and keen to see others workflows, so this helps! Thanks.
Great work! Thanks for sharing with us
Great work as always Jai
Thanks, learned a new tool, i.e. pe-sieve.
Just got into Mal RE! That was interesting.
Hey Jai, great content! thanks :)
Any chance you can point me to a download link for Autoit extractor?
I saw that the original GitLab of the author is down :(
Oh really? 😧
I believe this is the same copy of it, albeit it may be shared by someone else:
github.com/digitalsleuth/autoit-extractor
nice vid
How do you investigate a sample that is super obfuscated and also sleeps for a long time, so dynamic analysis isn't really possible?
Really depends on the sample, what obfuscation is used, and what you're trying to take away from it. Got an example?
For example:
- if it's obfuscated using a commodity obfuscator and is dotnet, then de4dot may automatically deobfuscate for you.
- if it's sleeping using a Windows API you could hook that API and just have it return; now the sleep isn't an issue and dynamic analysis can continue.
- github.com/x64dbg/ScyllaHide has a lot of capability when it comes to malware that tries to defeat dynamic analysis.
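As an added illustration of the "hook the sleep API and have it return" idea in the reply above (this is not from the video or from Jai; it is example code written for this thread), a Frida script that clamps long `Sleep`/`SleepEx` calls inside an isolated analysis VM. It assumes Frida is attached to the sample (e.g. `frida -f sample.exe -l shorten_sleep.js`) and uses the classic `Module.getExportByName` / `Interceptor.attach` API; the clamping decision is kept in a pure helper so it also runs under plain Node.

```javascript
// Added example: shorten Sleep/SleepEx so a sample that stalls for minutes
// keeps executing under dynamic analysis. Intended as a Frida script; the
// pure helper clampSleep() has no Frida dependency and runs under Node too.
'use strict';

// Longest delay (in ms) we let through unchanged. Anything above it is
// clamped; the requested value is logged so the analyst still sees how
// long the sample wanted to stall.
const MAX_SLEEP_MS = 50;

// Decide what a requested dwMilliseconds becomes. INFINITE (0xFFFFFFFF) is
// left alone: it is normally used for synchronisation, not evasion, and
// clamping it would change unrelated behaviour.
function clampSleep(requestedMs, maxMs) {
  if (requestedMs === 0xFFFFFFFF) {
    return { ms: requestedMs, clamped: false };
  }
  if (requestedMs > maxMs) {
    return { ms: maxMs, clamped: true };
  }
  return { ms: requestedMs, clamped: false };
}

// Install an onEnter hook on one kernel32 export and rewrite its first
// argument (dwMilliseconds) in place when it exceeds MAX_SLEEP_MS.
function hookSleep(exportName) {
  const target = Module.getExportByName('kernel32.dll', exportName);
  Interceptor.attach(target, {
    onEnter(args) {
      const requested = args[0].toUInt32();
      const decision = clampSleep(requested, MAX_SLEEP_MS);
      if (decision.clamped) {
        console.log(`[${exportName}] requested ${requested} ms, clamped to ${decision.ms} ms`);
        args[0] = ptr(decision.ms);
      }
    }
  });
}

// Only install the hooks when running inside Frida; under Node these
// globals do not exist and the helper is simply exported for testing.
if (typeof Interceptor !== 'undefined') {
  ['Sleep', 'SleepEx'].forEach(hookSleep);
}

if (typeof module !== 'undefined') {
  module.exports = { clampSleep, MAX_SLEEP_MS };
}
```

Samples that compare a timer such as GetTickCount before and after the sleep will notice the shortened delay, so this is a first step rather than a complete answer; ScyllaHide covers the timing functions as well.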
Ah, thanks!
Can you share all the tools you use for malware analysis?
Unfortunately that'd be nearly impossible. It is always expanding depending on what needs analysing.
All tools used in the video are in the description. As a starting point I'd look at the tools included in Flare VM and customise it as needed.
github.com/mandiant/flare-vm