Malware
Tools
Detect It Easy
- Check the compiler, linker and packer of a sample with Detect It Easy (DIE) before going further
- Identify the sample's capabilities (matched rules) with capa
  capa <binary>
- Unpack UPX-packed samples with upx
  upx -d <binary>
- Re-analyze after deleting capa's cache: capa stores its vivisect workspace next to the sample as <binary>.viv and would otherwise reuse the analysis of the still-packed file
  del <binary>.viv
Strings
Tools for string searching and deobfuscation are
Lab Setup
Fuzzy Hashing
Splits the file into pieces at boundaries chosen from the content itself (not at fixed offsets) and hashes every piece, so the hashes of two files that share most of their bytes stay comparable even when an edit shifts the rest of the file. The match score between two fuzzy hashes shows how much of a sample is reused from a known one. ssdeep implements this (context-triggered piecewise hashing): ssdeep -r hashes a directory tree recursively, and ssdeep -m <hashes> matches new samples against previously saved hashes.
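As an added illustration (not from the original notes and not ssdeep's own code), a simplified context-triggered piecewise hash in Python. It reuses ssdeep's 7-byte rolling-hash window, minimum block size of 3, FNV piece hash and 64-character target length, but its score is a plain normalised edit distance instead of ssdeep's weighted one, and it only compares signatures with equal block sizes. The three byte buffers are constructed stand-ins for binaries; use the real ssdeep for triage.

```python
"""Simplified context-triggered piecewise hashing (CTPH), the idea behind ssdeep.
Constants mirror ssdeep; the scoring is deliberately simpler (see similarity())."""
import random

B64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
WINDOW = 7             # rolling-hash window in bytes (as in ssdeep)
MIN_BLOCKSIZE = 3      # smallest block size tried (as in ssdeep)
SPAMSUM_LENGTH = 64    # target signature length (as in ssdeep)
FNV_INIT = 0x28021967  # FNV-style piece hash constants (as in ssdeep)
FNV_PRIME = 0x01000193


class RollingHash:
    """Hash of the last WINDOW bytes only. Because it forgets everything older
    than the window, piece boundaries re-synchronise a few bytes after an edit."""

    def __init__(self):
        self.win = [0] * WINDOW
        self.n = 0
        self.h1 = self.h2 = self.h3 = 0

    def update(self, c):
        old = self.win[self.n % WINDOW]
        self.h2 = (self.h2 - self.h1 + WINDOW * c) & 0xFFFFFFFF
        self.h1 = (self.h1 + c - old) & 0xFFFFFFFF
        self.h3 = ((self.h3 << 5) ^ c) & 0xFFFFFFFF
        self.win[self.n % WINDOW] = c
        self.n += 1
        return (self.h1 + self.h2 + self.h3) & 0xFFFFFFFF


def choose_blocksize(length):
    """Grow the block size until about SPAMSUM_LENGTH pieces cover the input."""
    bs = MIN_BLOCKSIZE
    while bs * SPAMSUM_LENGTH < length:
        bs *= 2
    return bs


def piecewise_hash(data, blocksize):
    """One base64 character per piece: a piece ends whenever the rolling hash
    equals blocksize - 1 modulo blocksize, and its FNV hash supplies 6 bits."""
    roll = RollingHash()
    h = FNV_INIT
    out = []
    for c in data:
        h = ((h * FNV_PRIME) & 0xFFFFFFFF) ^ c
        if roll.update(c) % blocksize == blocksize - 1:
            out.append(B64[h & 63])
            h = FNV_INIT
    if h != FNV_INIT:  # trailing piece that never hit a boundary
        out.append(B64[h & 63])
    return "".join(out)


def fuzzy_hash(data):
    """Signature laid out like ssdeep's: blocksize:hash_at_bs:hash_at_2bs."""
    bs = choose_blocksize(len(data))
    return f"{bs}:{piecewise_hash(data, bs)}:{piecewise_hash(data, 2 * bs)}"


def levenshtein(a, b):
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def _score(a, b):
    if not a or not b:
        return 0
    return round(100 * (1 - levenshtein(a, b) / max(len(a), len(b))))


def similarity(sig_a, sig_b):
    """0..100 match score. Simplification: only signatures with the same block
    size are compared; ssdeep also matches a block size against its double."""
    bs_a, a1, a2 = sig_a.split(":")
    bs_b, b1, b2 = sig_b.split(":")
    if bs_a != bs_b:
        return 0
    return max(_score(a1, b1), _score(a2, b2))


def _pseudo_random_bytes(seed, n):
    rng = random.Random(seed)
    return bytes(rng.randrange(256) for _ in range(n))


# Constructed stand-ins for binaries: a base "sample", the same sample with a
# short patch inserted in the middle, and an unrelated file of the same size.
SAMPLE = _pseudo_random_bytes(1, 4000)
SAMPLE_PATCHED = SAMPLE[:2000] + b"PATCHED!" + SAMPLE[2000:]
UNRELATED = _pseudo_random_bytes(2, 4000)

if __name__ == "__main__":
    base = fuzzy_hash(SAMPLE)
    print(base)
    print("patched  :", similarity(base, fuzzy_hash(SAMPLE_PATCHED)))
    print("unrelated:", similarity(base, fuzzy_hash(UNRELATED)))
```

The patched sample keeps a high score because only the one or two pieces that touch the insertion change; every boundary after it is re-found from the content, so the rest of the signature is identical. The unrelated file of the same size gets the same block size but an unrelated signature and scores low, which is exactly why a fuzzy hash (unlike MD5 or SHA-256) can link a repacked or lightly modified sample to a known family.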
Resources
- MalAPI.io provides an overview of Windows API functions commonly used by malware and what they are used for
- Extracting obfuscated strings
- MalwareBazaar (abuse.ch), a repository for sharing malware samples
- Malware Behavior Catalog (MBC)