README.md

malware_analysis_writeups

This repo contains some binary analysis writeups for malware and crackmes.

Malware list

Real/modern malware

• HEUR:Trojan-Spy.Win32.Stealer.gen
• Trojan-Ransom.Win32.Fixer.a

Educational/PMA book

• Trojan:Win32/Aenjaris.CT!bit
• Trojan/Win32.StartPage.C26214
• TrojanClicker:Win32/Tnega.3bb840a6
• Win.Trojan.Agent-375080
• Win32:Agent-OLH [Trj]
• Trojan:Win32/Generic.78682e8f: pt1, pt2, pt3, pt4

Crackmes

• Crackmes.one f0rizen's find a real key - zero day solution

Tools I use

Existing VX checkers

• VirusTotal Online Analysis

Static/Dynamic analysis

• r2 - cheatsheet
• IdaPRO Free
• x64DBG
• gdb

Checkers/static analysis

• diec
• pev/peres
• strings

Obfuscation/Packagers

• unipacker
• upx

Analysis VM setup

• VirtualBox
• Official Win7 VM image
• Wireshark
• Procmon
• Regshot
• r2

Additioanl tools:

• INetSim
• commandbox