Releases: 0xPhoeniX/MazeWalker

MazeWalker v0.2 - Fixing code and data mix

18 Aug 20:30
  • Detection and resolution of call-based data & code mix techniques (more in the wiki)
    • in case of unexecuted code, there is a manual context-based option to fix the same problem
  • Performance optimizations
  • Several bug fixes

A test subject with all the runtime info is also attached (password: infected).
Usage instructions can be found in the previous release description.

MazeWalker v0.1

13 Jul 04:17
Pre-release

MazeUI_v0.1.zip
MazeTracer_v0.1.zip

  • preview release
  • Python 2.7 must be installed beforehand
  • config.json must be edited to supply the full paths to the MazeTracer directory and the PyScripts directory.
    • the included configuration defaults to pin32_dir: c:\MazeTracer\ and script_path: c:\MazeTracer\pyscripts\
  • Suggested usage:
    • Create a directory to store output files (e.g. c:\out)
    • Open cmd.exe and cd to extracted directory (e.g. c:\mazetracer)
    • Run the following command: pin.exe -follow_execv -t c:\MazeTracer\MazeTracer.dll -cfg c:\MazeTracer\config.json -out c:\out -- [path_to_sample]
  • The results from c:\out should be used to conduct static analysis in IDA. Please see example in wiki.
  • Also attached are raw results from running MazeTracer on a sample from the Gozi family. Password: infected.
  • In case of trouble, ping me and I'll help you set things up