Join us for an introduction to IDA Python scripting. In this tutorial, we automate resolving the dynamic imports for REvil ransomware.
-----
OALABS DISCORD
/ discord
OALABS PATREON
/ oalabs
OALABS TIP JAR
https://ko-fi.com/oalabs
OALABS GITHUB
https://github.com/OALabs
UNPACME - AUTOMATED MALWARE UNPACKING
https://www.unpac.me/#/
-----
This is the 3rd video in a series where we learn some malware reverse engineering fundamentals using the REvil ransomware sample.
Part 1 - Unpacking REvil malware:
• REvil Ransomware Unpacked - Cheeky Ha...
Part 2 - Reversing the import hash algorithm:
• IDA Pro Tutorial - Reverse Engineerin...
Clean unpacked REvil sample:
5f56d5748940e4039053f85978074bde16d64bd5ba97f6f0026ba8172cb29e93
https://malshare.com/sample.php?actio...
IDA python REvil import builder script:
https://gist.github.com/OALabs/fc68ad...
DLL export dictionary builder script:
https://gist.github.com/OALabs/94ff4f...
Exports DB (json):
https://gist.github.com/OALabs/536fed...
Excellent IDA Python book:
https://leanpub.com/IDAPython-Book
FireEye Flare Hash Tool:
https://github.com/fireeye/flare-ida/...
Excellent blog post on dynamic API hashes:
https://blag.nullteilerfrei.de/2019/1...
Feedback, questions, and suggestions are always welcome : )
Sergei / herrcore
Sean / seanmw
As always check out our tools, tutorials, and more content over at https://www.openanalysis.net
#ReverseEngineering #IDAPro #IDAPython
Video: IDA Pro Scripting Intro - Automate Dynamic Import Resolving for REvil Ransomware. Added by user OALabs on 01 December 2019; viewed 14,700 times on this site and liked by 325 people.