
Thread: Malware analysis examples @ Websense

  1. #1
    Kayaker (Join Date: Oct 2000; Posts: 4,147; Blog Entries: 5)

    Malware analysis examples @ Websense

    A couple of recent malware analysis articles of general interest..

    Packer Detection and Generic Unpacking Techniques
    http://www.websense.com/securitylabs/blog/blog.php?BlogID=176


    Unscrambling Custom obfuscation and Executable "infection"
    http://www.websense.com/securitylabs/blog/blog.php?BlogID=178

  2. #2

    Question

    Don't know about the second one, but the first one has got nothing special at all.
    Found in the OpenGL header file for Visual C++ 6: 'typedef GLint int '. AAAARRRRGGGHHHH!!! [Don't get it? You're not a C programmer.]

    A hacker does for love what others would not do for money.

    Being married to a programmer is like having a cat. You talk to it but you're never really sure if it hears you, much less comprehends what you say.

  3. #3
    Kayaker
    I knew someone would say that..

    I understand what you're saying, BUT..

    To anyone who knows about the Olly "ESP trick" for breaking on the OEP of some packed executables and has done it all before yadayada.. yes, you're right.

    But for those who are unsure of what "ESP trick" or even "OEP" stands for.. then no, it's a very nice example that is now referenced in our forum and indexed in the Search function under the general keywords "Packer Detection" and "Generic Unpacking Techniques". That does make it special then for all the new seekers to come by this way in the future, which is after all part of our purpose here..


  4. #4
    Thanks Kayaker for the publicity.

    I wrote the second blog, but a colleague of mine wrote the first one.
    The guy is well aware that this trick is known to any average reverser, but that's not the point of the blog post, as Kayaker said.

    Besides, a blog post isn't a technical paper, it's just something for people to read and enjoy (or not).
    Real ones don't need source

  5. #5
    I understand what you're saying, BUT..
    I'm glad you understand and I guess I was a bit misunderstood. I said it had nothing special but I didn't mean it shouldn't be here.
    It's just that the title [Packer Detection and Generic Unpacking Techniques] was a bit misleading for me and I thought it had more than the ESP trick.

    I understand that I didn't think from the newbie's perspective, which is wrong, and an example of what you are talking about can be seen here:
    http://forums.accessroot.com/index.php?s=&showtopic=6681&view=findpost&p=44963

    By the way, after these posts it would definitely turn up in the search engine under the keywords "Packer Detection" and "Generic Unpacking Techniques" "OEP packed" "esp trick".

    Nice work Nico, I'm sure people will find it helpful.
    Last edited by GEEK; March 20th, 2008 at 14:06.

  6. #6
    joren
    Guest
    Quote Originally Posted by GEEK View Post
    I'm glad you understand and I guess I was a bit misunderstood. I said it had nothing special but I didn't mean it shouldn't be here.
    It's just that the title [Packer Detection and Generic Unpacking Techniques] was a bit misleading for me and I thought it had more than the ESP trick.
    Hi GEEK,

    I actually find the title a bit misleading too, my fault. You're correct in that the main goal was to have folks understand what they are doing instead of falling into a pattern: what specific registers are generally used for, the purposes of the different breakpoints, etc.

    Thanks for the feedback GEEK/Kayaker

    - Joren
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  7. #7
    Kayaker
    Welcome Joren,

    How about we say that that was the first of a series of blog posts by you under that general heading? Since we all like to read that kind of stuff, everybody will be happy.

    The contributions are always appreciated, keep up the good work.

    Regards,
    Kayaker

  8. #8
    Hi Joren,

    Nice work on the tutorial, mate.
    I'm glad my post was not taken out of context.
    Kayaker is right, we all would like to see more articles from you.


    GEEK

  9. #9
    Thanks Nico and Joren. Nice articles, they made for a good bedtime story (not saying they were boring, I was just on my way to sleep and saw this thread). Now to the off-topic part: my company used to use Websense hardware filters to control user traffic. I guess we switched because it was cheaper, but it's just funny to me that I saw their name here.

    Also:
    btw after these posts it would definitely turn up in the search engine under the keywords "Packer Detection" and "Generic Unpacking Techniques" "OEP packed" "esp trick"
