Join us for an introduction to IDA Python scripting. In this tutorial we automate resolving the dynamic imports for REvil ransomware.
Automated Malware Unpacking
https://www.unpac.me/
This is the 3rd video in a series where we learn some malware reverse engineering fundamentals using the REvil ransomware sample.
Part 1 - Unpacking REvil malware:
• REvil Ransomware Unpacked - Cheeky Ha...
Part 2 - Reversing the import hash algorithm:
• IDA Pro Tutorial - Reverse Engineerin...
Clean unpacked REvil sample:
5f56d5748940e4039053f85978074bde16d64bd5ba97f6f0026ba8172cb29e93
https://malshare.com/sample.php?actio...
IDA Python REvil import builder script:
https://gist.github.com/OALabs/fc68ad...
DLL export dictionary builder script:
https://gist.github.com/OALabs/94ff4f...
Exports DB (json):
https://gist.github.com/OALabs/536fed...
Excellent IDA Python book:
https://leanpub.com/IDAPython-Book
FireEye Flare Hash Tool:
https://github.com/fireeye/flare-ida/...
Excellent blog post on dynamic API hashes:
https://blag.nullteilerfrei.de/2019/1...
Feedback, questions, and suggestions are always welcome : )
Sergei / herrcore
Sean / seanmw
As always check out our tools, tutorials, and more content over at https://www.openanalysis.net
#ReverseEngineering #IDAPro #IDAPython
Video: IDA Pro Scripting Intro - Automate Dynamic Import Resolving for REvil Ransomware. Added by user OALabs on 01 December 2019; viewed 14,700 times and liked by 325 people.