July 2011

31 Jul 2011

Analyzing Malware – Patching in the way!

This is a continuation of my previous posts on reverse engineering malware, so I strongly recommend that you go through posts one, two, and three before moving on to this one. If you recall, in the last post we applied disassembling and debugging techniques to the specimen and successfully identified the correct IRC login password. But is there a way to simply modify or bypass this whole password protection mechanism in the bot? If the authentication process can be controlled, that would be awesome. So here it is; this post will show you just that.


09 Jul 2011

Analyzing malware [ slackbot ] – II

This is a continuation of part 1 of Analyzing Malware [ slackbot ].

Code Analysis

In this phase of reverse engineering malware, we will look inside the code of the specimen. We will use IDA Pro, a disassembler, to open the malware exe and attempt to understand the logic behind the flow of execution. A disassembler translates machine language into assembly language.


09 Jul 2011

Analyzing malware [ slackbot ] – I

Before starting on these analysis posts, I suggest you read this post to gain an understanding of the methodology for reverse engineering malware, my malware lab setup, and study resources.

Behavioral Analysis

In this phase, we will observe the various behaviors exhibited by the specimen. We will monitor the following:


09 Jul 2011

Analyzing Malware – begin

In the upcoming posts, I will be presenting a step-by-step process to analyze a piece of malware. I will be analyzing Slackbot. It is an old bot, but nevertheless customizable and useful for learning the malware analysis process.
